(54) [Title of the Invention] Information processing
apparatus and method, and providing medium
(57) [Abstract] 

[Problem] To prevent the key used for encrypting
information from being read when the information is
decrypted.

[Solving Means] A cross-authentication module 71
performs cross-authentication with an expanding portion 63
and generates a temporary key, a storage module 73 stores a
second key, a decryption unit 91 decrypts a first key with
the second key, and an encryption unit 92 encrypts the
first key with the temporary key. A cross-authentication
module 75 performs cross-authentication with storage means
and generates a temporary key, a decryption module 76
decrypts a first key with the temporary key, and a
decryption module 77 decrypts information with the first
key.



[Drawing labels: RECEIVER 51; COMMUNICATING PORTION 61;
CROSS-AUTHENTICATION MODULE 71; FEE MODULE 72; STORAGE
MODULE 73; DECRYPTION/ENCRYPTION MODULE 74; DECRYPTION
UNIT 91; ENCRYPTION MODULE 93; RANDOM NUMBER GENERATING
UNIT 92; EXPANSION PORTION 63; CROSS-AUTHENTICATION
MODULE 75; DECRYPTION MODULE 76; DECRYPTION MODULE 77;
EXPANSION MODULE 78; WATERMARKING MODULE 79; IC CARD
INTERFACE 64; IC CARD 55; CROSS-AUTHENTICATION MODULE 80;
STORAGE MODULE 81; RECORDER 53; RECORDING/REPRODUCING
PORTION 65; SAM 66; EXPANDING PORTION 67; MD DRIVER 54;
USER HOME NETWORK 5]

[Claims]

[Claim 1] An information processing apparatus
comprising first storage means and first decryption
means that use encrypted information, an encrypted
first key for decrypting said information, and a second
key for decrypting said first key to decrypt said
information, characterized by
said first storage means comprising:
first cross-authentication means for performing cross-
authentication with said first decryption means and
generating a temporary key;
second storage means for storing said second key;
second decryption means for decrypting said first key
with said second key; and
encryption means for encrypting said first key with
said temporary key, and
said first decryption means comprising:
second cross-authentication means for performing cross-
authentication with said first storage means and
generating a temporary key;
third decryption means for decrypting said first key
with said temporary key; and
fourth decryption means for decrypting said information
with said first key.
[Claim 2] An information processing method for an
information processing apparatus comprising storage
means and decryption means that use encrypted
information, an encrypted first key for decrypting said
information, and a second key for decrypting said first
key to decrypt said information, characterized by
said storage means executing:
a first cross-authentication step of cross-
authentication with said decryption means and
generation of a temporary key;
a storage step of storing said second key;
a first decryption step of decrypting said first key
with said second key; and
an encryption step of encrypting said first key with
said temporary key, and
said decryption means executing:
a second cross-authentication step of cross-
authentication with said storage means and generation
of a temporary key;
a second decryption step of decrypting said first key
with said temporary key; and
a third decryption step of decrypting said information
with said first key.

[Claim 3] A providing medium for an information
processing apparatus comprising storage means and
decryption means that use encrypted information, an
encrypted first key for decrypting said information,
and a second key for decrypting said first key to
decrypt said information, characterized by provision of
a computer-readable program that causes said storage
means to execute a processing comprising:
a first cross-authentication step of cross-
authentication with said decryption means and
generation of a temporary key;
a storage step of storing said second key;
a first decryption step of decrypting said first key
with said second key; and
an encryption step of encrypting said first key with
said temporary key, and
that causes said decryption means to execute a
processing comprising:
a second cross-authentication step of cross-
authentication with said storage means and generation
of a temporary key;
a second decryption step of decrypting said first key
with said temporary key; and
a third decryption step of decrypting said information
with said first key.

[Detailed Description of the Invention]
[0001]

[Technical Field of the Invention] The present
invention relates to an information processing
apparatus and method, and a providing medium, and more
particularly relates to an information processing
apparatus and method and providing medium for
decrypting encrypted information.

[0002]

[Prior Art] A system is available in which information
such as music is encrypted and transmitted to an
information processing apparatus belonging to a user who
has entered into a predetermined agreement, and the user
uses the information processing apparatus to decrypt and
reproduce the information. In this system, a key used to
encrypt the information is additionally encrypted with a
predetermined key and recorded. The key used to encrypt
the key for encrypting the information is stored in a
storage medium for which improper access is difficult,
and it is read and utilized only when the information is
to be decrypted. Accordingly, the key used to encrypt the
information cannot be improperly utilized and, in turn,
the information cannot be improperly utilized.
[0003]

[Problems to be Solved by the Invention] However, when
the information is decrypted, the key used to encrypt
the information is decrypted and transmitted to a
decryption circuit or a decryption apparatus for
decrypting information. The key used to encrypt the
information is in its decrypted state at this time and,
as a result, it is able to be read comparatively easily
from the communications either from within the
apparatuses or between apparatuses and, if this key is
read, the information is able to be improperly utilized
without difficulty.

[0004] With the foregoing conditions in mind, it is an
object of the present invention to prevent the key used
for encrypting information from being read when the
information is decrypted.

[0005] [Means of Resolving the Problems] The
information processing apparatus according to claim 1
is characterized in that first storage means comprise
first cross-authentication means for performing cross-
authentication with first decryption means and
generating a temporary key, second storage means for
storing a second key, second decryption means for
decrypting a first key with the second key, and
encryption means for encrypting the first key with the
temporary key, and in that first decryption means
comprise second cross-authentication means for
performing cross-authentication with first storage
means and generating a temporary key, third decryption
means for decrypting a first key with the temporary
key, and fourth decryption means for decrypting
information with the first key.

[0006] The information processing method according to
claim 2 is characterized in that storage means execute
a first cross-authentication step for performing cross-
authentication with decryption means and generating a
temporary key, a storage step for storing a second key,
a first decryption step for decrypting a first key with
the second key, and an encryption step for encrypting
the first key with the temporary key, and in that
decryption means execute a second cross-authentication
step for performing cross-authentication with storage
means and generating a temporary key, a second
decryption step for decrypting a first key with the
temporary key, and a third decryption step for
decrypting information with the first key.

[0007] The providing medium according to claim 3 is
characterized by provision of a computer-readable
program that causes storage means to execute a
processing comprising a first cross-authentication step
of cross-authentication with the decryption means and
generation of a temporary key, a storage step of
storing a second key, a first decryption step of
decrypting the first key with the second key, and an
encryption step of encrypting the first key with the
temporary key, and that causes decryption means to
execute a processing comprising a second cross-
authentication step of cross-authentication with the
storage means and generation of a temporary key, a
second decryption step of decrypting the first key with
the temporary key, and a third decryption step of
decrypting the information with the first key.

[0008] The information processing apparatus according
to claim 1, information processing method according to
claim 2 and providing medium according to claim 3 are
used to perform cross-authentication, generate a
temporary key, store a second key, decrypt a first key
with the second key, encrypt the first key with the
temporary key, decrypt the first key with the temporary
key, and decrypt information with the first key.
[0009]

[Embodiments of the Invention] While the present
invention is hereinafter described with reference to
embodiments thereof, to ensure clarity of the
corresponding relationship between the embodiments and
the various means of the invention described in the
claims, the characterizing features of the present
invention are described below with the corresponding
embodiment (a single example) indicated in parentheses
following the means. However, this description should
not be taken to mean the present invention is
restricted to these means.

[0010] That is to say, the information processing
apparatus according to claim 1 is characterized in that
first storage means (for example, SAM 62 of FIG. 10)
comprises first cross-authentication means (for
example, cross-authentication module 71 of FIG. 10) for
performing cross-authentication with first decryption
means and generating a temporary key, second storage
means (for example, storage module 73 of FIG. 10) for
storing a second key, second decryption means (for
example, decryption unit 91 of FIG. 10) for decrypting
a first key with the second key, and encryption means
(for example, encryption unit 92 of FIG. 10) for
encrypting the first key with the temporary key, and in
that first decryption means (for example, expanding
portion 63 of FIG. 10) comprises second cross-
authentication means (for example, cross-authentication
module 75 of FIG. 10) for performing cross-
authentication with first storage means and generating
a temporary key, third decryption means (for example,
decryption module 76 of FIG. 10) for decrypting a first
key with the temporary key, and fourth decryption means
(for example, decryption module 77 of FIG. 10) for
decrypting information with the first key.
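
The hand-off described above, as an added sketch in Python (not code from the patent): the SAM unwraps the content key with the delivery key and re-wraps it under the temporary key, so the content key never crosses between the modules in the clear. The HMAC challenge-response used for cross-authentication, the SHA-256 keystream standing in for DES, and all names and sample values are assumptions.

```python
import hashlib
import hmac
import os


def cipher(key: bytes, data: bytes) -> bytes:
    """Stand-in for the page's common-key cipher (DES): XOR with a SHA-256
    counter keystream. Symmetric, so the same call encrypts and decrypts.
    Illustration only: no nonce, no integrity protection."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)


class Module:
    """One side of the cross-authentication. Assumed protocol: HMAC
    challenge-response over a pre-shared authentication secret."""

    def __init__(self, role: str, auth_secret: bytes):
        self.role, self._auth = role, auth_secret
        self.nonce = os.urandom(16)
        self.temp_key = None

    def _mac(self, label: bytes, a: bytes, b: bytes) -> bytes:
        return hmac.new(self._auth, label + a + b, hashlib.sha256).digest()

    def proof(self, peer_nonce: bytes) -> bytes:
        return self._mac(self.role.encode(), self.nonce, peer_nonce)

    def finish(self, peer_role: str, peer_nonce: bytes, peer_proof: bytes) -> None:
        expected = self._mac(peer_role.encode(), peer_nonce, self.nonce)
        if not hmac.compare_digest(expected, peer_proof):
            raise PermissionError(f"{self.role}: cross-authentication failed")
        lo, hi = sorted([self.nonce, peer_nonce])
        self.temp_key = self._mac(b"temp", lo, hi)  # same value on both sides


class SAM(Module):
    """First storage means: holds the second key (delivery key Kd)."""

    def __init__(self, auth_secret: bytes, delivery_key: bytes):
        super().__init__("sam", auth_secret)
        self._kd = delivery_key

    def release_content_key(self, kco_under_kd: bytes) -> bytes:
        if self.temp_key is None:
            raise PermissionError("no authenticated peer")
        kco = cipher(self._kd, kco_under_kd)   # decrypt first key with second key
        return cipher(self.temp_key, kco)      # re-encrypt with the temporary key


class Expander(Module):
    """First decryption means: never sees Kd, only Kco under the temporary key."""

    def __init__(self, auth_secret: bytes):
        super().__init__("expander", auth_secret)

    def decrypt_content(self, kco_under_temp: bytes, enc_content: bytes) -> bytes:
        kco = cipher(self.temp_key, kco_under_temp)
        return cipher(kco, enc_content)


def play(sam: SAM, exp: Expander, kco_under_kd: bytes, enc_content: bytes):
    """Run one session; returns (plaintext, every message that crossed the bus)."""
    bus = [sam.nonce, exp.nonce]
    p_sam, p_exp = sam.proof(exp.nonce), exp.proof(sam.nonce)
    bus += [p_sam, p_exp]
    sam.finish(exp.role, exp.nonce, p_exp)
    exp.finish(sam.role, sam.nonce, p_sam)
    wrapped = sam.release_content_key(kco_under_kd)
    bus.append(wrapped)
    return exp.decrypt_content(wrapped, enc_content), bus


# Constructed sample values (not from the page).
AUTH = b"shared-device-auth-secret"
KD = b"delivery-key-v1!"
KCO = b"content-key-0001"
CONTENT = b"compressed music frame " * 4
KCO_UNDER_KD = cipher(KD, KCO)
ENC_CONTENT = cipher(KCO, CONTENT)
```

Someone tapping the link between the two modules sees only nonces, proofs and the content key wrapped under a per-session key, which is the property the invention sets out to provide.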
[0011] FIG. 1 illustrates an EMD (Electronic Music
Distribution) system in which the present invention has
application. The content delivered to a user in a
system of this kind is digital data of which the
information itself has a value and, as an example
thereof, music data will be hereinafter described. An
EMD service centre 1 performs processing for sending a
delivery key Kd to a content provider 2 and a user home
network 5, receiving fee information and the like from
the user home network 5 in accordance with the content
used, calculating usage fees, and distributing profits
to the content provider 2 and the service provider 3.

[0012] The content provider 2, which possesses the
digitalized content, inserts a watermark (electronic
watermark) that identifies the content as its own,
compresses and encrypts the content, and appends
predetermined information thereto and sends the content
to the service provider 3.

[0013] The service provider 3 appends a price to the
content supplied from the content provider 2 and sends
this to the user home network 5 through a network 4
constituted from, for example, a private cable network,
the Internet, or a communications satellite.

[0014] The user home network 5 acquires the content
transmitted with price appended from the service
provider 3 and, together with decrypting the content
for reproduction, executes a fee processing. The fee
information obtained by the fee processing is
transmitted to the EMD service centre 1 when the user
home network 5 acquires a delivery key Kd from the EMD
service centre 1.

[0015] FIG. 2 is a block diagram showing the functional
configuration of the EMD service centre 1. A service
provider managing portion 11 supplies profit
distribution information to the service provider 3, and
sends a delivery key Kd to the service provider 3 when
information (usage policy) appended to the content
supplied from the content provider 2 is encrypted. A
content provider managing portion 12 sends a delivery
key Kd and supplies profit distribution information to
the content provider 2. A copyright managing portion 13
sends information expressing the content usage record
by the user home network 5 to a copyright management
body, for example, to JASRAC (Japanese Society for
Rights of Authors, Composers and Publishers). A key
server 14 stores the delivery key Kd and supplies it to
the content provider 2 or the user home network 5 or
the like via the content provider managing portion 12
or a user managing portion 18. The user managing
portion 18 stores fee information which is information
that expresses the content usage record of the user
home network 5, pricing information corresponding to
this content, and the usage policy corresponding to
this content input thereto in a log data managing
portion 15.

[0016] An example of a delivery key Kd being regularly
transmitted from the EMD service centre 1 to a receiver
51 (described later with reference to FIG. 10)
configured from a user home network 5 and a content
provider 2 will be hereinafter described with reference
to FIGS. 3 to 6. FIG. 3 shows the delivery key Kd
possessed by the EMD service centre 1, the delivery key
Kd possessed by the content provider 2 and the delivery
key Kd possessed by the receiver 51 in January 1998
when the content is initially provided by the content
provider 2 and initially used by the receiver 51
comprising the user home network 5.

[0017] In the example of FIG. 3, a delivery key Kd is
usable from the first day to the last day of a calendar
month, for example, a version 1 delivery key Kd with a
random number value "aaaaaaaa" of a predetermined
number of bits is usable from January 1, 1998 to
January 31, 1998 (that is to say, a content key Kco for
encrypting the content distributed by the service
provider 3 to the user home network 5 in the period
from January 1, 1998 to January 31, 1998 is encrypted
with the version 1 delivery key Kd). A version 2
delivery key Kd with a random number value "bbbbbbbb"
of a predetermined number of bits is usable from
February 1, 1998 to February 28, 1998 (that is to say,
a content key Kco for encrypting the content
distributed by the service provider 3 to the user home
network 5 during the given period is encrypted by the
version 2 delivery key Kd). Similarly, a version 3
delivery key Kd is usable during March 1998, a version
4 delivery key Kd is usable during April 1998, a
version 5 delivery key Kd is usable during May 1998,
and a version 6 delivery key Kd is usable during June
1998.

[0018] Prior to the content provider 2 beginning to
provide the content, the EMD service centre 1 sends six
delivery keys Kd - versions 1 to 6 - usable from
January 1998 to June 1998 to the content provider 2,
and the content provider 2 receives and stores these
six delivery keys Kd. The reason for storing a 6-month
period of delivery keys Kd is that, prior to the
provision of content, a predetermined period of time is
required for the content provider 2 to carry out
preparations such as content and content key
encryption.

[0019] Prior to the receiver 51 beginning to use the
content, the EMD service centre 1 sends three delivery
keys Kd - versions 1 to 3 - usable from January 1998 to
March 1998 to the receiver 51, and the receiver 51
receives and stores these three delivery keys Kd. The
reason for storing a 3-month period of delivery keys Kd
is to avoid a situation in which, regardless of the
content being used during the valid agreement period,
the content cannot be used due to trouble caused by the
receiver 51 being unable to be connected to the EMD
service centre 1, as well as to decrease the frequency
of connections to the EMD service centre 1 to reduce
the load on the user home network 5.

[0020] The version 1 delivery key Kd is used by the EMD
service centre 1, the content provider 2, and the
receiver 51 from which the user home network 5 is
constituted during the period from January 1, 1998 to
January 31, 1998.

[0021] The transmission of delivery keys Kd from the
EMD service centre 1 to the content provider 2 and the
receiver 51 on February 1, 1998 will be described with
reference to FIG. 4. The EMD service centre 1 sends six
delivery keys Kd - versions 2 to 7 - usable from
February 1998 to July 1998 to the content provider 2,
and the content provider 2, having received the six
delivery keys Kd, overwrites the previously received
and stored delivery keys Kd and stores the new delivery
keys Kd. The EMD service centre 1 sends three delivery
keys Kd - versions 2 to 4 - usable from February 1998
to April 1998 to the receiver 51, and the receiver 51,
having received the three delivery keys Kd, overwrites
the previously received and stored delivery keys Kd and
stores the new delivery keys Kd. The EMD service centre
1 stores the version 1 delivery key Kd without
alteration. This is to ensure previously used delivery
keys Kd can be utilized in the event of unforeseen
trouble occurring, or an illegal act being committed or
detected.

[0022] The version 2 delivery key Kd is used by the EMD
service centre 1, the content provider 2, and the
receiver 51 from which the user home network 5 is
constituted during the period from February 1, 1998 to
February 28, 1998.

[0023] The transmission of delivery keys Kd from the
EMD service centre 1 to the content provider 2 and the
receiver 51 on March 1, 1998 will be described with
reference to FIG. 6. The EMD service centre 1 sends six
delivery keys Kd - versions 3 to 8 - usable from March
1998 to August 1998 to the content provider 2, and the
content provider 2, having received the six delivery
keys Kd, overwrites the previously received and stored
delivery keys Kd and stores the new delivery keys Kd.
The EMD service centre 1 sends three delivery keys Kd -
versions 3 to 5 - usable from March 1998 to May 1998 to
the receiver 51, and the receiver 51, having received
the three delivery keys Kd, overwrites the previously
received and stored delivery keys Kd and stores the new
delivery keys Kd. The EMD service centre 1 stores the
version 1 delivery key Kd and the version 2 delivery
key without alteration.

[0024] The version 3 delivery key Kd is used by the EMD
service centre 1, the content provider 2, and the
receiver 51 from which the user home network 5 is
constituted during the period from March 1, 1998 to
March 31, 1998.

[0025] The transmission of delivery keys Kd from the
EMD service centre 1 to the content provider 2 and the
receiver 51 on April 1, 1998 will be described with
reference to FIG. 6. The EMD service centre 1 sends six
delivery keys Kd - versions 4 to 9 - usable from April
1998 to September 1998 to the content provider 2, and
the content provider 2, having received the six
delivery keys Kd, overwrites the previously received
and stored delivery keys Kd and stores the new delivery
keys Kd. The EMD service centre 1 sends three delivery
keys Kd - versions 4 to 6 - usable from April 1998 to
June 1998 to the receiver 51, and the receiver 51,
having received the three delivery keys Kd, overwrites
the previously received and stored delivery keys Kd and
stores the new delivery key Kd. The EMD service centre
1 stores the version 1 delivery key Kd, the version 2
delivery key, and the version 3 delivery key without
alteration.

[0026] The version 4 delivery key Kd is utilized by the
EMD service centre 1, the content provider 2, and the
receiver 51 from which the user home network 5 is
constituted during the period from April 1, 1998 to
April 30, 1998.

[0027] Distributing delivery keys Kd several months in
advance in this way allows a user to make a content
purchase even if they have not accessed the EMD
service centre 1 at all for a month or two, and to
access the EMD service centre 1 and receive keys at a
convenient later time.
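
The rotation schedule of FIGS. 3 to 6, as an added model in Python (not code from the patent): each delivery overwrites the holder's previous set, the centre keeps every version, and a receiver stays usable only for the months whose versions it holds. Class and function names are assumptions, and the 8-byte keys are random placeholders.

```python
import secrets

PROVIDER_MONTHS = 6   # content provider 2 receives six versions per delivery
RECEIVER_MONTHS = 3   # receiver 51 receives three versions per delivery


def version_for(year: int, month: int) -> int:
    """Version 1 is valid in January 1998; one version per calendar month."""
    return (year - 1998) * 12 + month


class ServiceCentre:
    """EMD service centre 1: generates keys and keeps every version it issued."""

    def __init__(self):
        self.archive = {}                  # version -> key, never overwritten

    def issue(self, year: int, month: int, months: int) -> dict:
        first = version_for(year, month)
        for v in range(first, first + months):
            self.archive.setdefault(v, secrets.token_bytes(8))
        return {v: self.archive[v] for v in range(first, first + months)}


class KeyHolder:
    """Content provider 2 or receiver 51: each delivery overwrites the last."""

    def __init__(self, months: int):
        self.months, self.keys = months, {}

    def sync(self, centre: ServiceCentre, year: int, month: int) -> None:
        self.keys = centre.issue(year, month, self.months)

    def key_for(self, year: int, month: int):
        """Delivery key Kd for that month, or None if a new sync is needed."""
        return self.keys.get(version_for(year, month))


def months_covered(holder: KeyHolder, year: int, month: int) -> int:
    """Consecutive months, starting at (year, month), served without a sync."""
    n = 0
    while True:
        y, m = year + (month - 1 + n) // 12, (month - 1 + n) % 12 + 1
        if holder.key_for(y, m) is None:
            return n
        n += 1
```

The same window that lets a receiver work offline also bounds what it holds: a receiver that stops syncing can still unwrap content keys only for the remaining months of its last delivery.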

[0028] A profit distribution portion 16 computes the
profits to be shared by the EMD service centre 1, the
content provider 2 and the service provider 3 according
to the fee information, pricing information and usage
policy supplied from the log data managing portion 15.
A cross-authenticating portion 17 performs a later-
described cross-authentication with the content
provider 2, service provider 3, and user home network 5
device.

[0029] The user managing portion 18 possesses a user
registration database and, when a registration request
is received from a user home network 5 device, executes
a processing such as a search of the user registration
database and, in response to the recorded details
therein, registration or registration refusal of the
device. When the user home network 5 is configured from
a plurality of devices possessing a function that
facilitates connection with the EMD service centre 1,
the user managing portion 18 designates the device for
which a settlement is to be performed in accordance
with the result of a judgment processing as to
whether or not registration thereof is possible, and,
furthermore, sends a registration list which prescribes
the usage conditions to the predetermined device of the
user home network 5.

[0030] In the example user registration database shown
in FIG. 7, ID (Identification Data) constituted from 64
bits peculiar to the user home network 5 device is
recorded therein and, correspondent to this ID (that is
to say, to each device with this ID), information such
as whether settlement processing is possible,
registration is possible, and connection with the EMD
service centre 1 is possible is recorded therein. The
information stored in the user registration database as
to whether registration is possible is updated in a
predetermined time period on the basis of information
including non-payment of fees and improper processing
and so on supplied from an approved institution (for
example, a bank) or the service provider 3. The user
managing portion 18 refuses registration when the
registration request is from a device with an ID for
which registration is recorded as being disapproved,
and the device for which registration has been refused
is thereafter unable to use the content of the system.

[0031] Information as to whether or not a settlement
processing is possible recorded in the user
registration database expresses whether or not
settlement using this particular device is possible.
When the user home network 5 is constituted from a
plurality of devices for which uses including content
playback and copy are possible, a single device
thereof for which settlement is possible outputs
the fee information, pricing information and usage
policy of all devices of the user home network 5
registered in the EMD service centre 1 to the EMD
service centre 1. Information as to whether connection
with the EMD service centre 1 is possible recorded in
the user registration database expresses whether or not
a device is able to be connected to the EMD
service centre 1, and a device registered as being
connectable therewith outputs fee information to the
EMD service centre 1 via other devices of the user home
network 5.

[0032] In addition, fee information, pricing
information and usage policy are supplied from the
device of the user home network 5 to the user managing
portion 18 which outputs this information to the log
data managing portion 15 and, furthermore, supplies
delivery keys Kd to the user home network 5 by a
predetermined processing (timing).

[0033] A billing portion 19 computes the user fee based
on, for example, the fee information, pricing
information and usage policy supplied from the log data
managing portion 15, and supplies the result thereof to
an accounting portion 20. The cashier portion 20
executes a settlement processing in communication with
an external bank or the like (not shown in the diagram)
on the basis of the usage fee amount to be paid or
charged to the user, the content provider 2, and the
service provider 3. An auditing portion 21 carries out
a propriety audit (that is, checks for any illegality)
of the fee information, pricing information and usage
policy supplied from the device in the user home
network 5.

[0034] FIG. 8 is a block diagram showing a functional
configuration of the content provider 2. A content
server 31 stores the content to be supplied to the
user, and supplies this content to a watermarking
portion 32. The watermarking portion 32 appends a
watermark to the content supplied by the content server
31 and supplies this to a compressing portion 33. The
compressing portion 33 compresses the content supplied
by the watermarking portion 32 by an ATRAC2 (Adaptive
Transform Acoustic Coding 2) (Trademark) or similar
method, and supplies this to an encrypting portion 34.
The encrypting portion 34 encrypts the content
compressed by the compressing portion 33 by common-key
cryptography such as DES (Data Encryption Standard)
using a random number supplied by a random number
generating portion 35 as a key (hereinafter this random
number is referred to as a content key Kco), and
outputs the result thereof to a secure container
producing portion 38.

[0035] The random number generating portion 35 supplies
a random number of a predetermined number of bits for
use as a content key Kco to the encrypting portion 34
and the encrypting portion 36. The encrypting portion
36 uses common-key cryptography such as DES to encrypt
the content key Kco with the delivery key Kd supplied
from the EMD service centre 1, and outputs the result
thereof to the secure container producing portion 38.

[0036] DES is an encryption method that employs a 56-
bit common key to process 64-bit blocks of plain text
as a single block. DES processing comprises a section
(data mixing portion) for mixing plain text and
converting it to cipher text, and a section (key
processing portion) for generating a key (expansion
key) from a common key for use by the data mixing
portion. All algorithms of a DES are publicly
accessible and, accordingly, the basic processing
executed by the data mixing portion will be hereinafter
described in brief.

[0037] First, 64 bits of plain text are divided into
high-order 32 bits H0 and low-order 32 bits L0. The
input of a 48-bit expansion key K1 supplied from the key
processing portion and the low-order 32 bits L0 is
assumed, and the output of an F function obtained by
mixing the low-order 32 bits L0 is computed. The F
function is constituted from two fundamental types of
conversion, namely "substitution" in which numeric
values are substituted according to a prescribed rule,
and "transposition" in which bit positions are
transposed according to a prescribed rule. The high-
order 32 bits H0 are subject to an exclusive OR
operation with the output from the F function, and the
result thereof is denoted as L1. L0 is denoted as H1.

[0038] This processing is iterated 16 times on the
basis of the high-order 32 bits H0 and the low-order 32
bits L0, and the thus-obtained high-order 32 bits H16
and low-order 32 bits L16 are output as cipher text. For
decryption, the routine described above is reversed
using a common key used for the encryption.
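
The round structure of paragraphs [0037] and [0038], as an added sketch in Python (not code from the patent and not real DES): the F function and the key processing below are toy stand-ins, chosen only to show that running the same rounds with the expansion keys in reverse order undoes the encryption. All names and constants are assumptions.

```python
MASK32 = 0xFFFFFFFF
MASK48 = (1 << 48) - 1
MASK56 = (1 << 56) - 1
# Toy 4-bit substitution table (a permutation of 0..15).
SBOX = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8,
        0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]


def expansion_keys(key56: int) -> list:
    """Toy key processing portion: sixteen 48-bit keys K1..K16 derived from a
    56-bit common key by rotation (not the real DES key schedule)."""
    keys = []
    for i in range(1, 17):
        r = 3 * i
        rotated = ((key56 << r) | (key56 >> (56 - r))) & MASK56
        keys.append(rotated & MASK48)
    return keys


def f(l32: int, k48: int) -> int:
    """Toy F function: key mixing, then substitution (S-box on each nibble),
    then transposition (rotate the 32 bits left by 11)."""
    x = (l32 ^ k48 ^ (k48 >> 16)) & MASK32
    y = 0
    for shift in range(0, 32, 4):
        y |= SBOX[(x >> shift) & 0xF] << shift
    return ((y << 11) | (y >> 21)) & MASK32


def rounds(block64: int, keys: list) -> int:
    """Forward rounds: L_i = H_(i-1) XOR F(L_(i-1), K_i) and H_i = L_(i-1)."""
    h, l = block64 >> 32, block64 & MASK32
    for k in keys:
        h, l = l, h ^ f(l, k)
    return (h << 32) | l


def unrounds(block64: int, keys: list) -> int:
    """Inverse rounds: the same F, with the expansion keys applied in reverse."""
    h, l = block64 >> 32, block64 & MASK32
    for k in reversed(keys):
        h, l = l ^ f(h, k), h
    return (h << 32) | l


def encrypt(block64: int, key56: int) -> int:
    return rounds(block64, expansion_keys(key56))


def decrypt(block64: int, key56: int) -> int:
    return unrounds(block64, expansion_keys(key56))


# Constructed sample values.
KEY56 = 0x1A2B3C4D5E6F70
BLOCK = 0x0123456789ABCDEF
```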
[0039] A policy storing portion 37 stores the content
usage policy, and outputs the usage policy
correspondent to the content to be encrypted to the
secure container producing portion 38. The secure
container producing portion 38 prepares a content
provider secure container constituted from encrypted
content, an encrypted content key Kco, a usage policy,
a signature produced using a hash value of the
encrypted content, encrypted content key Kco and usage
policy and, furthermore, a certificate containing a
public key Kpcp of the content provider 2, and supplies
this content provider secure container to the service
provider 3. A cross-authenticating portion 39 performs
cross-authentication with the EMD service centre 1
prior to a delivery key Kd being received from the EMD
service centre 1 and, in addition, performs cross-
authentication with the service provider 3 prior to the
content provider secure container being transmitted to
the service provider 3.

[0040] The signature, which is appended to data or to a
later-described certificate, constitutes data used for
checking for falsification and authenticating the
author, and is produced by obtaining a hash value using
a hash function on the basis of the data which is to be
sent, and encrypting this hash value with a public-key
cryptography secret key.

[0041] Hash function and signature verification will be
hereinafter described. A hash function constitutes a
function that assumes predetermined data to be
transmitted has been input which compresses this data
to data of a specific bit length, and outputs this as a
hash value. The characterizing features of a hash
function are that prediction of input from a hash value
(output) is difficult, most bits of a hash value change
when one bit of data input on a hash function changes,
and determining whether input data has the same hash
value is difficult.

[0042] The receiver in receipt of a signature and data
decrypts the signature with a public-key cryptography
public key, and obtains a resultant value (hash value).
The hash value of the received data is then calculated,
and a judgment of whether the calculated hash value is
equal to the hash value obtained by decrypting the
signature is carried out. Where the hash value of the
received data is judged to be equal to the decrypted
hash value, this indicates that the received data has
not been falsified and is data that has been
transmitted from a sender in possession of the secret
key corresponding to the public key. Examples of hash
functions used for signatures include MD4, MD5 and SHA-
1.

[0043] Public-key cryptography will be hereinafter
described. In contrast to common-key cryptography which
uses the same key (a common key) for encryption and
decryption, in public-key cryptography the key used for
encryption and the key used for decryption differ. When
public-key cryptography is employed, one of the keys is
made public and the other key can be kept secret, and
while the key that can be made public is called a
public key the key that is kept secret is called a
secret key.

[0044] A typical example of public-key cryptography is
the RSA (Rivest-Shamir-Adleman) cipher that will be
hereinafter described in brief. First, two sufficiently
large prime numbers p and q are determined, and a
product n thereof is determined. The least common
multiple L of (p-1) and (q-1) is computed, and a number
e equal to or greater than 3 and less than L and
relatively prime to L is determined (that is to say,
the only number that will go into both e and L is 1).

[0045] Next, a multiplicative inverse d of e is
determined by modulo L arithmetic. In other words, the
relationship ed = 1 mod L is established between d, e,
and L, where d can be computed using Euclid's
algorithm. Here, n and e are public keys and p, q, and
d are secret keys.

[0046] Cipher text C is computed from plain text M by
the processing of equation (1).
$C = M^{e} \bmod n$ (1)

[0047] The cipher text C is decrypted into plain text M
by the processing of equation (2).
$M = C^{d} \bmod n$ (2)

[0048] While a demonstration has been omitted, the
reason why plain text is able to be converted into
cipher text using an RSA cipher and the cipher text can
be decrypted is that the processing is based on
Fermat's first theorem and, accordingly, equation (3)
holds true:
$M = C^{d} = (M^{e})^{d} = M^{ed} = M \bmod n$ (3)

[0049] While a user who knows the secret keys p and q
can compute the secret key d from the public key e, if
the number of digits of the public key n is increased
to the extent that unique factorization of the public
key n is difficult from the viewpoint of the quantity
of computations, the secret key d cannot be computed
from the public key e and, accordingly, the cipher text
cannot be decrypted by awareness of the public key n
alone. As described above, in RSA cryptography the key
used for encryption is different to the key used for
decryption.
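
Added example (not part of the patent text): the key generation of [0044]-[0045], equations (1) and (2), and the hash-then-sign check of [0040]-[0042], written out in Python. The primes are a constructed toy key, SHA-256 stands in for the MD4/MD5/SHA-1 named above, and no padding is applied, so this is textbook RSA for illustration only.

```python
import hashlib
from math import gcd

# Constructed toy key: two Mersenne primes, picked only because they are
# short to write down. Special-form primes must never be used for a real key.
P = 2**521 - 1
Q = 2**607 - 1


def egcd(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    x0, y0, x1, y1 = 1, 0, 0, 1
    while b:
        k, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - k * x1
        y0, y1 = y1, y0 - k * y1
    return a, x0, y0


def keygen(p, q):
    """[0044]-[0045]: n = p*q, L = lcm(p-1, q-1), e >= 3 coprime to L,
    d = inverse of e modulo L. Returns ((n, e), d)."""
    n = p * q
    L = (p - 1) * (q - 1) // gcd(p - 1, q - 1)
    e = 3
    while gcd(e, L) != 1:      # L is even, so only odd candidates are tried
        e += 2
    _, x, _ = egcd(e, L)       # e*x + L*y == 1, hence e*x == 1 (mod L)
    return (n, e), x % L


def encrypt(pub, m):
    """Equation (1): C = M^e mod n. M must be an integer below n."""
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("plain text must satisfy 0 <= M < n")
    return pow(m, e, n)


def decrypt(pub, d, c):
    """Equation (2): M = C^d mod n."""
    return pow(c, d, pub[0])


def digest(data):
    """Hash value of the data as an integer (SHA-256, an assumption here)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(pub, d, data):
    """[0040]: hash the data, then 'encrypt' the hash with the secret key."""
    return pow(digest(data), d, pub[0])


def verify(pub, data, signature):
    """[0042]: 'decrypt' the signature with the public key and compare the
    result with the hash computed over the received data."""
    n, e = pub
    return pow(signature, e, n) == digest(data)


if __name__ == "__main__":
    pub, d = keygen(P, Q)
    m = int.from_bytes(b"constructed sample message", "big")
    print("round trip ok:", decrypt(pub, d, encrypt(pub, m)) == m)
    sig = sign(pub, d, b"usage policy v1")
    print("genuine data :", verify(pub, b"usage policy v1", sig))
    print("altered data :", verify(pub, b"usage policy v2", sig))
```

Deployed signature schemes add a padding scheme around the hash and use a hash function without known collisions; the check in verify() is otherwise the comparison [0042] describes.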

[0050] As an example of another public-key cipher, an
Elliptic Curve Cryptography system will be hereinafter
described in brief. A point on an elliptic curve
$y^2 = x^3 + ax + b$ is taken as B. To define the
addition of points on the elliptic curve, nB is taken
to express a result obtained by n additions of B.
Subtractions are similarly defined. Computation of n
from B and nB has been shown to be difficult. B and nB
are taken as public keys, and n is taken as a secret
key. Employing a random number r, cipher texts C1 and
C2 are computed by computation based on the processing
of equations (4) and (5) using public keys.
$C1 = M + rnB$ (4)
$C2 = rB$ (5)

[0051] Cipher texts C1 and C2 are decrypted into plain
text M by the processing of equation (6).
$M = C1 - nC2$ (6)

[0052] Decryption is possible only when in possession
of the secret key n. Similarly to the RSA cryptosystem
as described above, in Elliptic Curve Cryptography the
key for encryption and the key for decryption also
differ.
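
Added example (not part of the patent text): equations (4) to (6) carried out on a constructed toy curve y^2 = x^3 + 2x + 2 over GF(17) with base point B = (5, 1), whose group has 19 points. The curve, the representation of M as a curve point and all function names are assumptions made for the illustration.

```python
import secrets

# Constructed toy parameters; a real system uses a standardized curve
# whose group order is hundreds of bits long.
PRIME, A, B_COEF = 17, 2, 2      # y^2 = x^3 + A*x + B_COEF over GF(PRIME)
BASE = (5, 1)                    # the public point "B" of [0050]
ORDER = 19                       # number of points generated by BASE
INF = None                       # point at infinity (identity element)


def on_curve(pt):
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B_COEF)) % PRIME == 0


def add(p1, p2):
    """Point addition, including doubling and the identity cases."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % PRIME == 0:
        return INF                              # p2 is the negative of p1
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % PRIME, -1, PRIME)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % PRIME, -1, PRIME)
    lam %= PRIME
    x3 = (lam * lam - x1 - x2) % PRIME
    return x3, (lam * (x1 - x3) - y1) % PRIME


def neg(pt):
    """Negative of a point, used for the subtraction in equation (6)."""
    return INF if pt is INF else (pt[0], -pt[1] % PRIME)


def mul(k, pt):
    """k additions of pt (the 'nB' of [0050]) by double-and-add."""
    acc = INF
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc


def keygen():
    """Secret key n in [1, ORDER-1]; public keys are BASE and nB."""
    n = 1 + secrets.randbelow(ORDER - 1)
    return n, mul(n, BASE)


def encrypt(nB, M, r=None):
    """Equations (4) and (5): C1 = M + r*nB, C2 = r*B, with M a curve point."""
    if r is None:
        r = 1 + secrets.randbelow(ORDER - 1)
    return add(M, mul(r, nB)), mul(r, BASE)


def decrypt(n, C1, C2):
    """Equation (6): M = C1 - n*C2, since n*C2 = n*r*B = r*nB."""
    return add(C1, neg(mul(n, C2)))


if __name__ == "__main__":
    n, nB = keygen()
    M = mul(7, BASE)             # constructed message, encoded as a point
    C1, C2 = encrypt(nB, M)
    print("cipher texts:", C1, C2, "decrypted:", decrypt(n, C1, C2), "M:", M)
```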

[0053] FIG. 9 is a block diagram illustrating the
functional configuration of the service provider 3. A
content server 41 stores the encrypted content supplied
from the content provider 2, and supplies this to a
secure container producing portion 44. A pricing
portion 42 produces pricing information on the basis of
the usage policy correspondent to the content, and
supplies this to the secure container producing portion
44. A policy storing portion 43 stores the content
usage policy supplied from the content provider 2 and
supplies this to a secure container producing portion
44. The cross-authenticating portion 45, prior to
receipt of the content provider secure container from
the content provider 2, performs cross-authentication
with the content provider 2 and, in addition, prior to
transmitting the content provider secure container to
the user home network 5, performs cross-authentication
with the user home network 5. In addition, when the
content provider 2 supplies the usage policy encrypted
with a delivery key Kd, the cross-authenticating
portion 45, prior to receipt of a delivery key Kd from
the EMD service centre 1, performs cross-authentication
with the EMD service centre 1.

[0054] FIG. 10 is a block diagram illustrating the
configuration of the user home network 5. A receiver 51
receives a service provider secure container containing
content from the service provider 3 via a network 4,
and decrypts, expands and reproduces the content.

[0055] A communicating portion 61 communicates with the
service provider 3 or the EMD service centre 1 via the
network 4 receiving or sending predetermined
information therewith. A SAM (Secure Application
Module) 62 performs a cross-authentication with the
service provider 3 or the EMD service centre 1, and
decrypts the content cipher or encrypts the content
and, furthermore, stores a delivery key Kd or the like.
An expanding portion 63 decrypts the content cipher,
expands this using an ATRAC2 system, and inserts a
predetermined watermark in the content. An IC
(Integrated Circuit) card interface 64 converts a
signal from the IC card 55 to a predetermined format,
and outputs this to the IC card 55 loaded in the
receiver 51 or converts a signal from the IC card 55
and outputs this to a SAM 62.

[0056] The SAM 62, which performs cross-authentication
with the service provider 3 or EMD service centre 1,
which executes fee processing, which decrypts and
encrypts a content key Kco, and which stores
predetermined data such as license usage conditions
information and so on, is constituted from a
cross-authentication module 71, a fee module 72, a storage
module 73 and a decryption/encryption module 74. The
SAM 62, which is constituted from single-chip ICs
designed exclusively for cryptographic use, has a
multi-layer construction in which internal memory cells
are sandwiched by dummy layers of aluminium and the
like and, in addition, as it is operated across a small
voltage or frequency range, it possesses a
characteristic (tamperproofness) that ensures it is
hard for data to be illegally read from the exterior.

[0057] The cross-authentication module 71 performs
cross-authentication with the service provider 3 or the
EMD service centre 1 and, in accordance with need,
supplies a temporary key Ktemp (session key) to the
encryption/decryption module 74. The fee module 72
generates license usage conditions information and fee
information from the usage policy and pricing
information (and in some cases usage control
information) contained in the service provider 3, and
outputs this to the storage module 73 or an HDD (Hard
Disk Drive) 52. The storage module 73 stores data such
as fee information and the delivery keys Kd and so on
supplied from the fee module 72 or
decryption/encryption module 74, and supplies data such
as the delivery keys Kd when another functional block
executes a predetermined processing.

[0058] The encryption/decryption module 74 is
constituted from a decryption unit 91, a random number
generation unit 92, and an encryption unit 93. The
decryption unit 91 decrypts the encrypted content key
Kco with a delivery key Kd, and outputs the result to
the encryption unit 93. The random number generation
unit 92 generates a random number of a predetermined
digit number, and outputs this as a save key Ksave to
the encryption module 93 and the storage module 73.
Notably, once this has been generated and saved,
further need thereof is eliminated. The encryption unit
93 re-encrypts the decrypted content key Kco with the
save key Ksave, and outputs the result to the HDD 52.
When the encryption module 93 sends the content key Kco
to the expanding portion 63, the encrypted content key
Kco is encrypted with the temporary key Ktemp.

[0059] The expanding portion 63, which decrypts and
expands the content and appends a predetermined
watermark thereto, is constituted from the
cross-authentication module 75, a decryption module 76, an
expansion module 78, and a watermarking module 79. The
cross-authentication module 75 performs
cross-authentication with the SAM 62, and outputs a temporary
key Ktemp to the decryption module 76. The decryption
module 76 decrypts the content key Kco output from the
storage module 73 and encrypted with the temporary key
Ktemp with the temporary key Ktemp, and outputs the
result to the decryption module 77. The decryption
module 77 decrypts the content stored in the HDD 52
with the content key Kco, and outputs the result to the
expansion module 78. The expansion module 78 further
expands the decrypted content using a method such as
ATRAC2 or the like, and outputs the result to the
watermarking module 79. The watermarking module 79
inserts a predetermined watermark that identifies the
receiver 51 in the content, and outputs this to a
recorder 53, or outputs it to a speaker not shown in
the diagram for reproducing the music.
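
Added example (not part of the patent text): the path of the content key Kco through the SAM 62 and the expanding portion 63 as described in [0058] and [0059], showing that Kco only ever crosses a module boundary wrapped under Kd, Ksave or Ktemp. The HMAC-based cipher is a stand-in for whatever common-key cipher the device uses, Ktemp is a random value standing in for the result of cross-authentication, and the class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets


def _stream(key, nonce, n):
    """Keystream from HMAC-SHA256 in counter mode (stand-in cipher)."""
    out, ctr = b"", 0
    while len(out) < n:
        block = b"ks" + nonce + ctr.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def seal(key, data):
    """Encrypt data under key; returns nonce || cipher text || tag."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))
    tag = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key, blob):
    """Decrypt a blob made by seal(); rejects a wrong key or altered data."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("wrong key or modified data")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))


class SAM:
    """Models storage module 73 plus decryption/encryption module 74."""

    def __init__(self, kd):
        self._kd = kd                          # delivery key Kd
        self._ksave = secrets.token_bytes(32)  # save key Ksave (unit 92)

    def store(self, kco_under_kd):
        """Unit 91 unwraps Kco with Kd, unit 93 re-wraps it with Ksave
        for the HDD 52; the plain Kco stays inside this method."""
        return seal(self._ksave, unseal(self._kd, kco_under_kd))

    def release(self, kco_under_ksave, ktemp):
        """Re-wrap Kco under the temporary key Ktemp for the expander."""
        return seal(ktemp, unseal(self._ksave, kco_under_ksave))


class Expander:
    """Models decryption modules 76 and 77 of the expanding portion 63."""

    def play(self, kco_under_ktemp, ktemp, encrypted_content):
        kco = unseal(ktemp, kco_under_ktemp)    # module 76
        return unseal(kco, encrypted_content)   # module 77


def demo():
    kd = secrets.token_bytes(32)    # constructed delivery key Kd
    kco = secrets.token_bytes(32)   # constructed content key Kco
    content = b"constructed sample audio frame"
    container = {"content": seal(kco, content), "kco": seal(kd, kco)}
    sam, expander = SAM(kd), Expander()
    on_hdd = sam.store(container["kco"])
    ktemp = secrets.token_bytes(32)  # assumed output of cross-authentication
    in_transit = sam.release(on_hdd, ktemp)
    played = expander.play(in_transit, ktemp, container["content"])
    return {"kco": kco, "content": content, "on_hdd": on_hdd,
            "in_transit": in_transit, "played": played}


if __name__ == "__main__":
    print(demo()["played"])
```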

[0060] The HDD 52 records the content supplied from the
service provider 3. The recorder 53, which records and
reproduces content supplied from the service provider 3
on a loaded optical disk (not shown in the diagram), is
constituted from a recording/reproducing portion 65,
SAM 66 and expanding portion 67. The
recording/reproducing portion 65, in which the optical
disk is loaded, records content for reproduction on
this optical disk. The SAM 66 has an identical function
to the SAM 62 and, accordingly, a description thereof
is omitted. The expanding portion 67 has an identical
function to the expanding portion 63 and, accordingly,
a description thereof is omitted. An MD (Mini Disk:
Trademark) driver 54 records content for reproduction
supplied from the service provider 3 on a loaded MD not
shown in the diagram.

[0061] The IC card 55 loaded in the receiver 51 stores
the delivery key Kd stored in the storage module 73 and
predetermined data such as the ID of a device. For
example, when a new receiver 51 is purchased and is to
be used to replace a hitherto used receiver 51, first,
the user stores predetermined data such as the delivery
key Kd stored in the storage module 73 of the hitherto
used receiver 51 in the IC card 55. Next, the user
loads the IC card 55 in the new receiver 51, and
operates the receiver 51 to register the new receiver
51 in the user managing portion 18 of the EMD service
centre 1. The user managing portion 18 of the EMD
service centre 1 searches the database held by the user
managing portion 18 on the basis of data stored in the
IC card 55 (ID and so on of the hitherto used receiver
51) for the user name and credit card number used for
payment of usage fees and, because the registration
processing is executed on the basis of this data, the
need for a user to carry out a troublesome task of
inputting data is eliminated. The IC card 55 is
constituted from a cross-authentication module 80 and a
storage module 81. The cross-authentication module 80
performs cross-authentication with the SAM 62. The
storage module 81 stores data supplied from the SAM 62
via the IC card interface 64, and outputs the stored
data to the SAM 62.

[0062] FIG. 11 is a block diagram showing another
example of the configuration of a user home network 5.
The receiver 51 and recorder 53 of this configuration
describe a configuration from which the expanding
portion 63 and expanding portion 67 shown in FIG. 10
have been omitted. Instead, a decoder 56 connected to
the recorder 53 serves an identical function to the
expanding portion 63 and the expanding portion 67.
Other configurations are identical to those of FIG. 10.

[0063] The decoder 56, which decrypts and expands the
content and appends a watermark thereto, is constituted
from a cross-authentication module 101, a decryption
module 102, a decryption module 103, an expansion
module 104, and a watermarking module 105. The
cross-authentication module 101 performs cross-authentication
with the SAM 62 and a SAM 66, and outputs a temporary
key Ktemp to the decryption module 102. The decryption
module 102 uses the temporary key Ktemp to decrypt a
content key Kco output from the SAM 62 and encrypted by
the temporary key Ktemp, and outputs the result to the
decryption module 103. The decryption module 103
decrypts the content recorded on the HDD 52 with the
content key Kco, and outputs the result to the
expansion module 104. The expansion module 104 further
decompresses the decrypted content by a method such as
ATRAC2, and outputs the result to the watermarking
module 105. The watermarking module 105 inserts a
predetermined watermark that identifies the decoder 56
into the content, and outputs the result to the
recorder 53 or to speakers (not shown) to reproduce the
music.

[0064] FIG. 12 is a diagram describing information
transmitted and received between the EMD service centre
1, the content provider 2, the service provider 3 and
the user home network 5. The content provider 2 stores
encrypted content, an encrypted content key Kco, a
usage policy and a signature in a content provider
secure container (the details of which will be
described later with reference to FIG. 13), and appends
an authentication certificate (the details of which
will be described later with reference to FIG. 14) of
the content provider 2 to the content provider secure
container and sends this to the service provider 3. The
content provider 2 also appends an authentication
certificate of the content provider 2 to the usage
policy and the signature and sends this to the EMD
service centre 1.

[0065] The service provider 3 generates pricing
information on the basis of a usage policy contained in
the received content provider secure container, stores
the encrypted content, the encrypted content key Kco,
the usage policy, the pricing information and the
signature in the service provider secure container (the
details of which will be described later with reference
to FIG. 15), and appends an authentication certificate
of the service provider 3 (the details of which will be
described later with reference to FIG. 16) to the
service provider secure container and sends this to the
user home network 5. The service provider 3 also
appends an authentication certificate of the service
provider 3 to the pricing information and signature and
sends this to the EMD service centre 1.

[0066] The user home network 5 generates license use
information from the usage policy contained in the
received provider secure container, and uses the
content in accordance with this license use
information. When the content key Kco is decrypted in
the user home network 5, fee information is generated.
This fee information is encrypted at a predetermined
timing, and is transmitted to the EMD service centre 1
with a usage policy and a signature appended thereto.

[0067] The EMD service centre 1 computes the usage fee
on the basis of this fee information and the usage
policy, and calculates the profit to be shared between
the EMD service centre 1, the content provider 2, and
the service provider 3. The EMD service centre 1
compares the usage policy received from the content
provider 2, the pricing information received from the
service provider 3 and the fee information and usage
policy received from the user home network 5, and
carries out an audit to determine whether any
illegality such as falsification of usage policy or
appending of an improper price has been performed
either by the service provider 3 or the user home
network 5.

[0068] FIG. 13 is a diagram describing the content
provider secure container. The content provider secure
container contains content encrypted with a content key
Kco, a content key Kco encrypted with a delivery key
Kd, a usage policy and a signature. The signature
constitutes data obtained by encrypting a hash value
generated by application of a hash function to the
content encrypted with the content key Kco, the content
key Kco encrypted with the delivery key Kd, and the
usage policy with a secret key Kscp of the content
provider 2.

[0069] FIG. 14 is a diagram describing the
authentication certificate of the content provider 2.
The authentication certificate of the content provider
2 contains the version no. of the authentication
certificate, the serial no. of the authentication
certificate assigned to the content provider 2 by a
certifying agency, algorithms and parameters employed
in the signature, the name of the certifying agency,
the period of validity of the authentication
certificate, the name of the content provider 2, the
public key Kpcp of the content provider, and the
signature. The signature constitutes data obtained by
encrypting a hash value generated by application of a
hash function on the version no. of the certificate,
the serial no. of the authentication certificate
assigned to the content provider 2, the algorithm and
parameters employed for the signature, the name of the
certifying agency, the period of validity of the
authentication certificate, the name of the content
provider 2, and the public key Kpcp of the content
provider with a secret key Ksca of the authenticating
agency.

[0070] FIG. 15 is a diagram describing the service
provider secure container. The service provider secure
container contains content encrypted with a content key
Kco, a content key Kco encrypted with a delivery key
Kd, usage policy, pricing information and a signature.
The signature constitutes data obtained by encrypting a
hash value generated by application of a hash function
on the content encrypted with the content key Kco, the
content key Kco encrypted with the delivery key Kd, the
usage policy and the pricing information with a secret
key Kssp of the service provider 3.

[0071] FIG. 16 is a diagram describing the
authentication certificate of the service provider 3.
The authentication certificate of the service provider
3 contains the version no. of the certificate, the
serial no. of the authentication certificate assigned
to the service provider 3 by the certifying agency,
algorithms and parameters employed in the signature,
the name of the certifying agency, the period of
validity of the authentication certificate, the name of
the service provider 3, the public key Kpsp of the
service provider, and a signature. The signature
constitutes data obtained by encrypting a hash value
generated by application of a hash function on the
version no. of the certificate, the serial no. of the
authentication certificate assigned to the service
provider 3, the algorithm and parameters employed for
the signature, the name of the certifying agency, the
period of validity of the authentication certificate,
the name of the service provider 3, and the public key
Kpsp of the service provider with a secret key Ksca of
the authenticating agency.

[0072] FIG. 17 is a diagram illustrating the usage
policy, pricing information, and license usage
conditions information. The usage policy (FIG. 17(A))
possessed by the content provider 2 is prepared for
each content and indicates the usage details usable by
the user home network 5. For example, the usage policy
of FIG. 17(A) shows that while the user home network 5
is licensed for reproduction and multiple copy of the
content, it is not licensed for a single copy.

[0073] FIG. 18 is a diagram describing single copy and
multiple copy. Multiple copy refers to the case where
license usage conditions for content for which a copy
license has been assigned to the license usage
conditions information are purchased, and a plurality
of copies are produced from this content. However, as
shown in FIG. 18(A), further copy thereof is prohibited
(not licensed). Single copy refers to the case where
license usage conditions for content for which a copy
license has been assigned to the license usage
conditions information are purchased, and just a single
copy is produced from this content. For single copy as
well, as shown in FIG. 18(B), further copying of this
copy is prohibited (not licensed).

[0074] As shown in FIG. 17(B), the service provider 3
adds pricing information from the content provider 2 to
the usage policy (FIG. 17(A)). For example, the pricing
information of FIG. 17(B) indicates a 150¥ fee for
reproducing the content, and an 80¥ usage fee for the
multiple copy use thereof. While not shown in FIG. 17,
single copy pricing information expresses a usage fee
per copy and, for example, the usage fee paid for 3
copies is three times the usage fee paid for a single
copy. Content for multiple copy or single copy
licensing is limited to content for which a copy
license according to license usage conditions
information has been assigned for which license usage
conditions have been purchased.

[0075] The user home network 5 stores the usage details
indicating the license usage conditions information
(FIG. 17(C)) selected by a user from the usable usage
details (FIG. 17(B)) indicating the usage policy
supplied from the service provider 3. For example, the
license usage conditions information of FIG. 17(C)
indicate that the content can be reproduced, and that
single copy and multiple copy are prohibited.

[0076] FIG. 19 is a diagram describing the usage policy
and pricing information where, compared to FIG. 17, the
content provider 2 has added profit distribution
information to the usage policy, and the service
provider 3 has assigned profit distribution information
to the pricing information. In contrast to the example
shown in FIG. 17, in the example of FIG. 19,
supplementary information indicating a profit for the
content provider 2 of 70¥ when the content is
reproduced and 40¥ when used for multiple copy is
provided (FIG. 19(A)). Furthermore, supplementary
profit distribution information indicating that the
profit for the service provider 3 is 60¥ when the
content is reproduced and 30¥ when used for multiple
copy is provided (FIG. 19(B)). The price, similarly to
the case of FIG. 17(A), is 150¥ for reproduction and
40¥ for multiple copy. The amount (for example 20¥)
obtained by subtracting the profit of the content
provider 2 (for example 70¥) and the profit of the
service provider 3 (for example 60¥) from the price
(for example 150¥) represents the profit of the EMD
service centre 1. The EMD service centre 1 is able to
compute the profits of each of the content provider 2,
the service provider 3 and the EMD service centre 1 by
obtaining the usage policy, the profit distribution
ratio and pricing information via the user home network
5 together with fee information (FIG. 19(C)) which
expresses the content usage record of the user home
network 5.

[0077] FIG. 20 is a diagram describing the usage
policy, pricing information and license usage
conditions information when a plurality of modes are
set for reproducing the content. In the example of FIG.
20(A), unrestricted reproduction, frequency restricted
(in this case 5x) reproduction, and date restricted (in
this case until December 31, 1998) reproduction are set
by the service provider 3 as the usage policy and
pricing information for reproducing the content. Where
a user selects 5x frequency restricted reproduction of
the content, in a state in which the content has been
received but not yet reproduced, "5" is recorded as the
value correspondent to the frequency restriction of the
license usage conditions information of the user home
network 5 as shown in FIG. 20(B). The value correspondent
to this frequency restriction is decremented in the
user home network 5 every time the content is
reproduced (used) and, for example, after being
reproduced 3x, the value has decremented to "2" as
shown in FIG. 20(C). When the value correspondent to
the frequency restriction is "0", the user home network
5 is no longer able to use the content for
reproduction.

[0078] FIG. 21 is a diagram describing another example
of information transmitted and received between the EMD
service centre 1, the content provider 2, the service
provider 3 and the user home network 5. In contrast to
the example shown in FIG. 12, in the example shown in
FIG. 21 the service provider 3 produces usage control
information on the basis of the usage policy from the
content provider 2. The usage control information is
stored with the content and so on in a service provider
secure container, transmitted to the user home network
5, and also transmitted to the EMD service centre 1.
The usage control information is also transmitted from
the user home network 5 to the EMD service centre 1
together with the fee information and usage policy.

[0079] FIG. 22 is a diagram describing the service
provider secure container of the example of FIG. 21.
The service provider secure container contains content
encrypted with a content key Kco, a content key Kco
encrypted with a delivery key KD, a usage policy, usage
control information, pricing information and a
signature. The signature constitutes data obtained by
encrypting a hash value generated by application of a
hash function on the content key Kco, the content key
Kco encrypted with a delivery key KD, the usage policy,
the usage control information, the pricing information
and the signature with a secret key Kssp of the service
provider 3.

[0080] FIG. 23 is a diagram illustrating the
configuration of the usage policy, usage control
information, pricing information and license usage
conditions of the example of FIG. 21. In the example
shown in FIG. 23, the usage policy (FIG. 23(A)) of the
content provider 2, despite pricing information being
appended without alteration, is not of a format that
enables comparative reference of pricing information
with usage policy. Thereupon, the service provider 3
generates usage control information of a format that
enables comparative reference of pricing information
with pricing information on the basis of the usage
policy thereof, appends the pricing information
thereto, and sends this to the user home network 5
(FIG. 23(B)). License usage conditions information
(FIG. 23(C)) is generated in the user home network from
this transmitted information. The content provider 2 of
FIG. 23 is advantageous in that a usage policy of
smaller data quantity than required for the case
described in FIG. 12 may be recorded.

[0081] FIG. 24 is a diagram describing a further
configuration of the content and information appended
to the content transmitted and received between the EMD
service centre 1, the content provider 2, the service
provider 3 and the user home network 5. In contrast to
the example shown in FIG. 21, in the example of FIG. 24
the usage policy, the usage control information, the
pricing information and the fee information are
encrypted and transmitted using a public key cipher.
The system of FIG. 24 has comparatively better safety
than the example of FIG. 21 with respect to external
system attack.

[0082] FIG. 25 is an example for describing the content
provider secure container of the example of FIG. 24.
The content provider secure container contains content
encrypted with a content key Kco, a content key Kco
encrypted with a delivery key Kd, usage policy
encrypted with a delivery key Kd, and a signature. The
signature constitutes data obtained by encoding a hash
value generated by application of a hash function on
the content encrypted with a content key Kco, the
content key Kco encrypted with a delivery key Kd, and
the usage policy encrypted with a delivery key Kd with
a secret key Kscp of the content provider 2.

[0083] FIG. 26 is a diagram describing the service
provider secure container of the example of FIG. 24.
The service provider secure container contains content
encrypted with a content key Kco, a content key Kco
encrypted with a delivery key Kd, a usage policy
encrypted with a delivery key Kd, usage control
information encrypted with a delivery key Kd, pricing
information encrypted with a delivery key Kd, and a
signature. The signature constitutes data obtained by
encoding a hash value generated by application of a
hash function on the content key Kco, the content key
Kco encrypted with the delivery key Kd, the usage
policy encrypted with a delivery key Kd, the usage
control information encrypted with a delivery key Kd,
and the pricing information encrypted with a delivery
key Kd with a secret key Kssp of the service provider
3.

[0084] FIG. 27 is a diagram describing the operation
when the EMD service centre 1 receives fee information
from the user home network 5. Subsequent to
cross-authentication with the user home network 5, the user
managing portion 18 produces a shared temporary key
Ktemp, and encrypts a delivery key Kd from a key server
14 with this key and sends the result to the user home
network 5. The user home network 5, subsequent to
decrypting the received delivery key Kd with the shared
temporary key Ktemp, updates the delivery key Kd in
accordance with need. In addition, employing the shared
temporary key Ktemp, it encrypts the fee information
and usage policy and so on and sends the result thereof
to the EMD service centre 1. This is received by the
user managing portion 18. The user managing portion 18,
subsequent to decrypting the received fee information
and usage policy and so on with the shared temporary
key Ktemp, sends the result thereof to a log data
managing portion 15 and a billing portion 19. The log
data managing portion 15, having judged that a
settlement is to be executed, sends the received fee
information to the profit distribution portion 16 and,
furthermore, sends the received fee information and
usage policy and so on to the billing portion 19. The
profit distribution portion 16 computes the billing
amount and paid amount for the content provider 2, the
service provider 3 and EMD service centre 1 itself. The
billing portion 19 computes the amount paid by a user
and sends this information to an accounting portion 20.
The accounting portion 20 executes a settlement
processing in communication with an external bank or
the like not shown in the diagram. At this time, if
usage fee non-payment information or the like exists,
this information is transmitted to the billing portion
19 and the user managing portion 18 where it can be
used for reference for subsequent user registration
processing and delivery key Kd send processing.
[0085] FIG. 28 is a diagram describing the profit 
distribution processing operation of the EMD service 
25 centre 1. The log data managing portion 15 sends fee 
information that indicates a user content usage record, 
usage policy and pricing data to the profit 
distribution portion 16. The profit distribution 
portion 16 computes the profits of each of the content 

3 0 provider 2, the service provider 3 and the EMD service 

centre 1 on the basis of this information, and sends 
the result thereof to a service provider managing 
portion 11, a content provider managing portion 12, the 
accounting portion 2 0 and a copyright managing portion 
35 13. The accounting portion. 20 executes a settlement 
processing in communication with an external bank or 
the like not shown in the diagram. The service provider 
managing portion 11 sends the profit infoirmation of the 
service provider 3 to the service provider 3 . The 
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content provider managing portion 12 sends the profit 
information of the content provider 2 to the content 
provider 2. An auditing portion 21 carries out a 
propriety audit of the fee information, pricing 
5 information and usage policy supplied from the device 
of the user home network 5. 

[0086] FIG. 29 is a diagram describing the processing operation for
sending the content usage record information of the EMD service
centre 1 to JASRAC. The log data managing portion 15 sends fee
information that indicates the content usage record of a user to
the copyright managing portion 13 and the profit distribution
portion 16. The profit distribution portion 16 computes the billing
amount and paid amount for JASRAC, and sends this information to
the accounting portion 20. The accounting portion 20 executes a
settlement processing in communication with an external bank or the
like not shown in the diagram. The copyright managing portion 13
sends the content usage record of a user to JASRAC.

[0087] The processing of an EMD system will be hereinafter
described. FIG. 30 is a flowchart for describing the content
distribution and reproduction processing of this system. In Step
S11, the content provider managing portion 12 of the EMD service
centre 1 sends a delivery key Kd to the content provider 2, and
this is received by the content provider 2. The details of this
processing will be described later with reference to the flowchart
of FIG. 32. In Step S12, a user operates a device (for example, the
receiver 51 of FIG. 10) of the user home network 5, and the device
of the user home network 5 is registered in the user managing
portion 18 of the EMD service centre 1. The details of this
registration processing will be described later with reference to
the flowchart of FIG. 36. In Step S13, the user managing portion 18
of the EMD service centre 1 performs a cross-authentication with
the user home network 5 as shown in FIGS. 33 to 35, and then sends
a delivery key Kd to the device of the user home network 5. This
key is received by the user home network 5. The details of this
processing will be described later with reference to the flowchart
of FIG. 44.

[0088] In Step S14, the secure container producing portion 38 of
the content provider 2 sends a content provider secure container to
the service provider 3. The details of this send processing will be
described later with reference to FIG. 46. In Step S15, the secure
container producing portion 44 of the service provider 3 sends the
service provider secure container to the user home network 5 via
the network 4 in response to a request from the user home network
5. The details of this send processing will be described later with
reference to the flowchart of FIG. 48. In Step S16, a fee module 72
of the user home network 5 executes a fee processing. The details
of this fee processing will be described later with reference to
FIG. 50. In Step S17, the user reproduces the content using the
device of the user home network 5. The details of this reproduction
processing will be described later with reference to the flowchart
of FIG. 51.

[0089] On the other hand, the flowchart of FIG. 31 illustrates the
processing performed by the content provider 2 for encrypting and
sending a usage policy. In Step S21, the content provider managing
portion 12 of the EMD service centre 1 sends a delivery key Kd to
the content provider 2. In Step S22, the service provider managing
portion 11 of the EMD service centre 1 sends the delivery key Kd to
the service provider 3. The subsequent processing of Steps S23 to
S28 is the same as the processing performed in Steps S12 to S17 of
FIG. 30 and, accordingly, a description thereof has been omitted.

[0090] FIG. 32 is a flowchart for describing the details of a
processing correspondent to Step S11 of FIG. 30 and Step S21 of
FIG. 31 by which the EMD service centre 1 sends a delivery key Kd
to the content provider 2, and this is received by the content
provider 2. In Step S31, the cross-authenticating portion 17 of the
EMD service centre 1 performs a cross-authentication with the
cross-authenticating portion 39 of the content provider 2. The
details of this cross-authentication processing will be described
later with reference to the flowchart of FIG. 33. When the content
provider 2 is authenticated as being a legitimate provider as a
result of this cross-authentication processing, in Step S32, the
encrypting portion 34 and the encrypting portion 36 of the content
provider 2 receive the delivery key Kd transmitted from the content
provider managing portion 12 of the EMD service centre 1. In Step
S33, the encrypting portion 34 of the content provider 2 stores the
received delivery key Kd.

[0091] In this way, the content provider 2 receives the delivery
key Kd from the EMD service centre 1. Similarly, in the example
processing of the flowchart shown in FIG. 31, in addition to the
content provider 2, the service provider 3 also receives a delivery
key Kd from the EMD service centre 1 based on a processing
identical to that described in FIG. 32.

[0092] A cross-authentication processing for confirming the absence
of so-called "spoofing" in Step S31 of FIG. 32 will be hereinafter
described using a case in which one common key is used (FIG. 33), a
case in which two common keys are used (FIG. 34), and a case in
which a public key cipher is employed (FIG. 35) as examples.

[0093] FIG. 33 is a flowchart for describing the
cross-authentication operation between the cross-authenticating
portion 39 of the content provider 2 and the cross-authenticating
portion 17 of the EMD service centre 1 employing common-key DES
cryptography with a single common key. In Step S41, the
cross-authenticating portion 39 of the content provider 2 generates
a 64-bit random number R1 (this may also be generated by the random
number generating portion 35). In Step S42, the
cross-authenticating portion 39 of the content provider 2 employs a
DES to encrypt the random number R1 with a prestored common key Kc
(this encryption may also be performed by the encrypting portion
36). In Step S43, the cross-authenticating portion 39 of the
content provider 2 sends the encrypted random number R1 to the
cross-authenticating portion 17 of the EMD service centre 1.

[0094] In Step S44, the cross-authenticating portion 17 of the EMD
service centre 1 decrypts the received random number R1 with the
prestored common key Kc. In Step S45, the cross-authenticating
portion 17 of the EMD service centre 1 generates a 32-bit random
number R2. In Step S46, the cross-authenticating portion 17 of the
EMD service centre 1 replaces the low-order 32 bits of the
decrypted 64-bit random number R1 with the random number R2 to
generate a concatenation R1h||R2. Notably, R1h denotes the
high-order bits of R1, and A||B is a concatenation of A and B
((n+m) bits obtained by coupling the m bits of B with the low-order
n bits of A). In Step S47, the cross-authenticating portion 17 of
the EMD service centre 1 employs DES to encrypt R1h||R2 with a
common key Kc. In Step S48, the cross-authenticating portion 17 of
the EMD service centre 1 sends the encrypted R1h||R2 to the content
provider 2.

[0095] In Step S49, the cross-authenticating portion 39 of the
content provider 2 decrypts the received R1h||R2 with the common
key Kc. In Step S50, the cross-authenticating portion 39 of the
content provider 2 checks the high-order 32 bits of the decrypted
R1h||R2 against the high-order 32 bits R1h of the random number R1
generated in Step S41 and, if they match, this certifies that the
EMD service centre 1 is a legitimate centre. If the generated R1h
and received R1h do not match, the processing ends. If the two
match, in Step S51 the cross-authenticating portion 39 of the
content provider 2 generates a 32-bit random number R3. In Step
S52, the cross-authenticating portion 39 of the content provider 2
sets the received and decrypted 32-bit random number R2 in the
high-order position, sets the generated random number R3 in the
low-order position thereof, and produces a concatenation R2||R3. In
Step S53, the cross-authenticating portion 39 of the content
provider 2 employs DES to encrypt the concatenation R2||R3 with the
common key Kc. In Step S54, the cross-authenticating portion 39 of
the content provider 2 sends the encrypted concatenation R2||R3 to
the cross-authenticating portion 17 of the EMD service centre 1.

[0096] In Step S55, the cross-authenticating portion 17 of the EMD
service centre 1 decrypts the received concatenation R2||R3 with
the common key Kc. In Step S56, the cross-authenticating portion 17
of the EMD service centre 1 checks the high-order 32 bits of the
decrypted concatenation R2||R3 against the random number R2 and, if
they match, this certifies that the content provider 2 is
legitimate and, if they do not, the provider is deemed to be
illegitimate and the processing ends.
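The FIG. 33 exchange (Steps S41 to S56) as runnable Python, added here as an illustration and not taken from the patent. DES is not in the Python standard library, so a 4-round HMAC-SHA256 Feistel network stands in as the 64-bit block cipher; the class names, function names and result strings are assumptions.

```python
import hashlib
import hmac
import secrets

MASK32 = 0xFFFFFFFF


class AuthError(Exception):
    """Raised when the peer's reply does not carry the expected nonce."""


def round_fn(key: bytes, i: int, half: int) -> int:
    # Round function of the stand-in cipher: 32 bits in, 32 bits out.
    mac = hmac.new(key, bytes([i]) + half.to_bytes(4, "big"), hashlib.sha256)
    return int.from_bytes(mac.digest()[:4], "big")


def encrypt(key: bytes, block: int) -> int:
    # Stand-in for DES encryption of one 64-bit block (NOT real DES).
    left, right = block >> 32, block & MASK32
    for i in range(4):
        left, right = right, left ^ round_fn(key, i, right)
    return (left << 32) | right


def decrypt(key: bytes, block: int) -> int:
    left, right = block >> 32, block & MASK32
    for i in reversed(range(4)):
        left, right = right ^ round_fn(key, i, left), left
    return (left << 32) | right


def same32(a: int, b: int) -> bool:
    # Constant-time comparison of two 32-bit values.
    return hmac.compare_digest(a.to_bytes(4, "big"), b.to_bytes(4, "big"))


class Provider:
    """Content provider 2 side (cross-authenticating portion 39)."""

    def __init__(self, kc: bytes):
        self.kc = kc

    def start(self) -> int:
        self.r1 = secrets.randbits(64)               # S41
        return encrypt(self.kc, self.r1)             # S42, S43

    def respond(self, msg2: int) -> int:
        plain = decrypt(self.kc, msg2)               # S49
        if not same32(plain >> 32, self.r1 >> 32):   # S50: compare R1h
            raise AuthError("centre did not return R1h")
        r2 = plain & MASK32
        r3 = secrets.randbits(32)                    # S51
        return encrypt(self.kc, (r2 << 32) | r3)     # S52 to S54


class Centre:
    """EMD service centre 1 side (cross-authenticating portion 17)."""

    def __init__(self, kc: bytes):
        self.kc = kc

    def challenge(self, msg1: int) -> int:
        r1 = decrypt(self.kc, msg1)                  # S44
        self.r2 = secrets.randbits(32)               # S45
        joined = ((r1 >> 32) << 32) | self.r2        # S46: R1h||R2
        return encrypt(self.kc, joined)              # S47, S48

    def verify(self, msg3: int) -> bool:
        plain = decrypt(self.kc, msg3)               # S55
        return same32(plain >> 32, self.r2)          # S56


def run_handshake(provider_key: bytes, centre_key: bytes) -> str:
    provider, centre = Provider(provider_key), Centre(centre_key)
    msg2 = centre.challenge(provider.start())
    try:
        msg3 = provider.respond(msg2)
    except AuthError:
        return "centre rejected by provider"
    if not centre.verify(msg3):
        return "provider rejected by centre"
    return "mutual"


if __name__ == "__main__":
    kc = secrets.token_bytes(16)                     # constructed shared key Kc
    print(run_handshake(kc, kc))
    print(run_handshake(kc, secrets.token_bytes(16)))
```

Each side checks only 32 bits of the other's nonce, so a peer without Kc passes either check by blind guessing with probability 2^-32 per attempt.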

[0097] FIG. 34 is a flowchart for describing the
cross-authentication operation between the cross-authenticating
portion 39 of the content provider 2 and the cross-authenticating
portion 17 of the EMD service centre 1 employing common-key DES
cryptography using two common keys Kc1 and Kc2. In Step S61, the
cross-authenticating portion 39 of the content provider 2 generates
a 64-bit random number R1. In Step S62, the cross-authenticating
portion 39 of the content provider 2 employs DES to encrypt the
random number R1 with a prestored common key Kc1. In Step S63, the
cross-authenticating portion 39 of the content provider 2 sends the
encrypted random number R1 to the EMD service centre 1.

[0098] In Step S64, the cross-authenticating portion 17 of the EMD
service centre 1 decrypts the received random number R1 with a
prestored common key Kc1. In Step S65, the cross-authenticating
portion 17 of the EMD service centre 1 encrypts the random number
R1 with a prestored common key Kc2. In Step S66, the
cross-authenticating portion 17 of the EMD service centre 1
generates a 64-bit random number R2. In Step S67, the
cross-authenticating portion 17 of the EMD service centre 1
encrypts the random number R2 with the common key Kc2. In Step S68,
the cross-authenticating portion 17 of the EMD service centre 1
sends the encrypted random numbers R1 and R2 to the
cross-authenticating portion 39 of the content provider 2.

[0099] In Step S69, the cross-authenticating portion 39 of the
content provider 2 decrypts the received random numbers R1 and R2
with the prestored common key Kc2. In Step S70, the
cross-authenticating portion 39 of the content provider 2 checks
the decrypted random number R1 against the random number R1
generated in Step S61 (the random number R1 prior to encryption)
and, if they match, this certifies that the EMD service centre 1 is
legitimate, while if they do not match, the EMD service centre 1 is
deemed to be illegitimate and the processing ends. In Step S71, the
cross-authenticating portion 39 of the content provider 2 encrypts
the decrypted random number R2 with the common key Kc1. In Step
S72, the cross-authenticating portion 39 of the content provider 2
sends the encrypted random number R2 to the EMD service centre 1.

[0100] In Step S73, the cross-authenticating portion 17 of the EMD
service centre 1 decrypts the received random number R2 with the
common key Kc1. In Step S74, the cross-authenticating portion 17 of
the EMD service centre 1 checks the decrypted random number R2
against the random number R2 generated in Step S66 (the random
number R2 prior to encryption) and, if they match, this certifies
that the content provider 2 is a legitimate provider, while if they
do not, the content provider 2 is deemed to be illegitimate and the
processing ends.

[0101] FIG. 35 is a flowchart for describing the
cross-authentication operation between the cross-authenticating
portion 39 of the content provider 2 and the cross-authenticating
portion 17 of the EMD service centre 1 employing a 160-bit length
elliptic curve cipher as the public-key cryptography cipher. In
Step S81, the cross-authenticating portion 39 of the content
provider 2 generates a 64-bit random number R1. In Step S82, the
cross-authenticating portion 39 of the content provider 2 sends an
authentication certificate (acquired in advance from a certifying
agency) containing its own public key Kpcp along with the random
number R1 to the cross-authenticating portion 17 of the EMD service
centre 1.

[0102] In Step S83, the cross-authenticating portion 17 of the EMD
service centre 1 decrypts the signature of the received
authentication certificate (encrypted with a secret key Ksca of the
certifying agency) with the secret key Ksca of the certifying
agency acquired in advance, extracts the hash value of a public key
Kpcp of the content provider 2 and the name of the content provider
2, and extracts the public key Kpcp and name of the content
provider 2 stored without alteration as plain text in the
authentication certificate. If the authentication certificate is a
legitimate authentication certificate issued by the certifying
agency, this signature of the authentication certificate is able to
be decrypted, and the thus-obtained hash value of the public key
Kpcp and the name of the content provider 2 will match the hash
value obtained by the application of a hash function to the public
key Kpcp of the content provider 2 and the name of the content
provider 2 contained as plain text in the authentication
certificate. This certifies that the public key Kpcp is legitimate
and has not been falsified. If the signature cannot be decrypted,
or if it can but the hash values do not match, the public key or
the provider is deemed to be illegitimate. In this case, the
processing ends.

[0103] When a legitimate authentication result is obtained, the
cross-authenticating portion 17 of the EMD service centre 1
generates a 64-bit random number R2 in Step S84. In Step S85, the
cross-authenticating portion 17 of the EMD service centre 1
generates a concatenation R1||R2 of the random numbers R1 and R2.
In Step S86, the cross-authenticating portion 17 of the EMD service
centre 1 encrypts the concatenation R1||R2 with its own secret key
Ksesc. In Step S87, the cross-authenticating portion 17 of the EMD
service centre 1 encrypts the concatenation R1||R2 with the public
key Kpcp of the content provider 2 obtained in Step S83. In Step
S88, the cross-authenticating portion 17 of the EMD service centre
1 sends the concatenation R1||R2 encrypted with the secret key
Ksesc, the concatenation R1||R2 encrypted by the public key Kpcp,
and an authentication certificate (acquired in advance from the
certifying agency) containing its own public key Kpesc to the
cross-authenticating portion 39 of the content provider 2.

[0104] In Step S89, the cross-authenticating portion 39 of the
content provider 2 decrypts the signature of the received
authentication certificate with the secret key Kpca of the
certifying agency acquired in advance and, if legitimate, extracts
the public key Kpesc from the authentication certificate. This
processing is the same as the processing performed in Step S83 and,
accordingly, a description thereof has been omitted. In Step S90,
the cross-authenticating portion 39 of the content provider 2
decrypts the concatenation R1||R2 encrypted with the secret key
Ksesc with the public key Kpesc acquired in Step S89. In Step S91,
the cross-authenticating portion 39 of the content provider 2
decrypts the concatenation R1||R2 encrypted with its own public key
Kpcp with its own secret key Kscp. In Step S92, the
cross-authenticating portion 39 of the content provider 2 compares
the concatenation R1||R2 decrypted in Step S90 with the
concatenation R1||R2 decrypted in Step S91 and, if they match, this
certifies that the EMD service centre 1 is legitimate while, if
they do not match, the EMD service centre 1 is deemed to be
illegitimate and the processing ends.

[0105] When a legitimate authentication result is obtained, the
cross-authenticating portion 39 of the content provider 2 generates
a 64-bit random number R3 in Step S93. In Step S94, the
cross-authenticating portion 39 of the content provider 2 generates
a concatenation R2||R3 of the random number R2 obtained in Step S90
and the random number R3 generated in Step S93. In Step S95, the
cross-authenticating portion 39 of the content provider 2 encrypts
the concatenation R2||R3 with the public key Kpesc obtained in Step
S89. In Step S96, the cross-authenticating portion 39 of the
content provider 2 sends the encrypted concatenation R2||R3 to the
cross-authenticating portion 17 of the EMD service centre 1.

[0106] In Step S97, the cross-authenticating portion 17 of the EMD
service centre 1 decrypts the encrypted concatenation R2||R3 with
its own secret key Ksesc. In Step S98, the cross-authenticating
portion 17 of the EMD service centre 1 checks the decrypted random
number R2 against the random number R2 generated in Step S84 (the
random number R2 prior to encryption) and, if they match, it
certifies that the content provider 2 is legitimate while, if they
do not, the content provider 2 is deemed to be illegitimate and the
processing ends.

[0107] As described above, the cross-authenticating portion 17 of
the EMD service centre 1 and the cross-authenticating portion 39 of
the content provider 2 perform cross-authentication. The random
numbers used for cross-authentication are temporary keys Ktemp
valid only for the processing subsequent to this
cross-authentication.

[0108] FIG. 36 is a flowchart for describing an operation
correspondent to Step S12 of FIG. 30 and Step S23 of FIG. 31 by
which the receiver 51 is registered in the user managing portion 18
of the EMD service centre 1. In Step S101, the SAM 62 of the
receiver 51 executes a processing in which, based on output from an
IC card interface 64, it judges whether a backup IC card 55 is
loaded in the receiver 51 and, where a backup IC card 55 is judged
to be loaded therein (for example, where a receiver 51 is converted
to a new receiver 51 and, in order for the data of the original
receiver 51 to be transferred to new receiver 51, the data of the
original receiver 51 is backed up to the backup IC card 55), the
procedure advances to Step S102 and the backup data stored in the
IC card 55 is read. The details of this processing will be
described later with reference to the flowchart of FIG. 41. While
this backup data must of course be stored in the IC card 55 in
advance in order to execute this read processing, this processing
will be described later with reference to FIG. 39.

[0109] If the judgment in Step S101 is that the backup IC card 55
has not been loaded, the procedure skips Step S102 and advances to
Step S103. In Step S103, the cross-authentication module 71 of the
SAM 62 performs cross-authentication with the cross-authenticating
portion 17 of the EMD service centre 1, and the SAM 62 sends an
authentication certificate to the user managing portion 18 of the
EMD service centre 1. This authentication processing is the same as
the processing described with reference to FIGS. 33 to 35 and,
accordingly, a description thereof has been omitted. In Step S103,
the authentication certificate transmitted to the user managing
portion 18 of the EMD service centre 1 by the SAM 62 contains the
data shown in FIG. 37. While the authentication certificate
transmitted by the SAM 62 has a configuration essentially the same
as the authentication certificate of the content provider 2 shown
in FIG. 14, it contains additional data that indicates whether or
not it is subordinate to another SAM. In Step S104, the SAM 62
sends information and so on of a settlement agency such as the
user's bank encrypted with the temporary key Ktemp to the user
managing portion 18 of the EMD service centre 1 via the
communicating portion 61.

[0110] In Step S105, the user managing portion 18 of the EMD
service centre 1 searches the user registration database shown in
FIG. 7 on the basis of the received ID of the SAM 62. In Step S106,
the user managing portion 18 of the EMD service centre 1 judges
whether or not the SAM 62 of the received ID can be registered and,
where it is judged that the SAM 62 of the received ID can be
registered, the procedure advances to Step S107 and the SAM 62 of
the received ID is judged as being newly registered. When the SAM
62 of the received ID is judged as not being newly registered in
Step S107, the procedure advances to Step S108.

[0111] In Step S108, the user managing portion 18 of the EMD
service centre 1 executes the new registration, and searches the
user registration database on the basis of the received ID and
produces a registration list. This registration list is, for
example, of a structure as shown in FIG. 38, and is configured
from, correspondent to the ID of the SAM of the device, a
registration refusal flag indicating whether or not registration
has been refused by the user managing portion 18 of the EMD service
centre 1, a status flag indicating the usage conditions of the
content key Kco for a subordinate device, a condition flag
indicating whether or not the device is a subordinate device, and a
signature obtained by encoding a hash value generated by
application of a hash function to the registration refusal flag,
status flag and condition flag with a secret key Ksesc of the EMD
service centre 1.

[0112] The ID of the SAM of the device expresses an ID constituted
from 64 bits peculiar to the device (in FIG. 38 expressed as a
hexadecimal number). A "1" of the registration refusal flag
indicates that the user managing portion 18 of the EMD service
centre 1 has registered the device of the corresponding ID, and a
"0" of the registration denial flag indicates that the user
managing portion 18 of the EMD service centre 1 has refused the
registration of the device of the corresponding ID.

[0113] An MSB (Most Significant Bit) "1" of the status flag
indicates that a content key can be received from a "parent" device
(for example receiver 51) to which a "child" device (for example
recorder 53) of a correspondent ID is subordinate, and an MSB "0"
of the status flag indicates that a content key Kco cannot be
received from the "parent" device to which the "child" device of
the correspondent ID is subordinate. A 2nd bit "1" from the highest
order of the status flag indicates that a content key Kco encrypted
by a saved key Ksave of the "parent" device is able to be received
from the "parent" device to which a "child" device of the
correspondent ID is subordinate. A 3rd bit "1" from the highest
order of the status flag indicates that a content key Kco encrypted
with a delivery key Kd is able to be received from a "parent"
device to which a "child" device of a correspondent ID is
subordinate. An LSB (Least Significant Bit) "1" of the status flag
indicates that a subordinate "parent" device has purchased a
content key Kco encrypted with a delivery key Kd, and that the
content key Kco encrypted with the temporary key Ktemp has been
transferred to a "child" device of the correspondent ID.

[0114] The "0" of the condition flag indicates that a device of the
corresponding ID (that is to say, for example, a "parent" device
such as the receiver 51) is able to directly communicate with the
user managing portion 18 of the EMD service centre 1, and the "1"
of the condition flag indicates that a device of the correspondent
ID (that is to say, a "child" device such as a recorder 53) is not
able to directly communicate with the user managing portion 18 of
the EMD service centre 1. When the condition flag is "0", the
status flag is always set to "0000".
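A decoder and consistency check for the registration list fields described in paragraphs [0112] to [0114], added here as an illustration and not taken from the patent. The whitespace-separated row layout, the sample rows and all names are constructed assumptions, and the signature field is left out.

```python
import string
from dataclasses import dataclass

# Status-flag bits, highest order first, as listed in paragraph [0113].
STATUS_BITS = (
    (0b1000, "may receive Kco from parent"),
    (0b0100, "may receive Kco encrypted with parent's Ksave"),
    (0b0010, "may receive Kco encrypted with Kd"),
    (0b0001, "parent purchased Kco and transferred it under Ktemp"),
)


@dataclass(frozen=True)
class Entry:
    sam_id: int        # 64-bit ID of the device's SAM
    registered: bool   # refusal flag "1", as paragraph [0112] states it
    subordinate: bool  # condition flag "1": a "child" device
    status: int        # 4-bit status flag

    def capabilities(self):
        return [name for bit, name in STATUS_BITS if self.status & bit]


def parse_entry(row: str) -> Entry:
    """Parse one constructed row: '<sam id hex> <refusal> <status> <condition>'."""
    fields = row.split()
    if len(fields) != 4:
        raise ValueError("expected 4 fields")
    sam_hex, refusal, status, condition = fields
    if len(sam_hex) != 16 or any(c not in string.hexdigits for c in sam_hex):
        raise ValueError("SAM ID must be 16 hex digits (64 bits)")
    if refusal not in ("0", "1") or condition not in ("0", "1"):
        raise ValueError("refusal and condition flags must be 0 or 1")
    if len(status) != 4 or set(status) - {"0", "1"}:
        raise ValueError("status flag must be 4 binary digits")
    entry = Entry(int(sam_hex, 16), refusal == "1", condition == "1",
                  int(status, 2))
    # Paragraph [0114]: a directly communicating device always has 0000.
    if not entry.subordinate and entry.status != 0:
        raise ValueError("condition flag 0 requires status flag 0000")
    return entry


def audit(rows):
    """Return (accepted entries, [(row number, reason)]) for a list of rows."""
    accepted, rejected = [], []
    for number, row in enumerate(rows, start=1):
        try:
            accepted.append(parse_entry(row))
        except ValueError as exc:
            rejected.append((number, str(exc)))
    return accepted, rejected


# Constructed sample rows; they are not the contents of FIG. 38.
SAMPLE_ROWS = [
    "0000000000000001 1 0000 0",   # parent device, consistent
    "0000000000000002 1 1010 1",   # child device with two capabilities
    "0000000000000003 1 0100 0",   # inconsistent: parent with status bits set
    "00000003 1 0000 0",           # malformed: ID is not 64 bits
]

if __name__ == "__main__":
    ok, bad = audit(SAMPLE_ROWS)
    for entry in ok:
        print(f"{entry.sam_id:016X}", entry.capabilities())
    for number, reason in bad:
        print("row", number, "rejected:", reason)
```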

[0115] In Step S109, the user managing portion 18 of the EMD
service centre 1 sends the delivery key Kd supplied from the key
server 14 encrypted with the temporary key Ktemp supplied from the
cross-authenticating portion 17 to the SAM 62 of the receiver 51.
In Step S110, the SAM 62 of the receiver 51 encrypts the delivery
key Kd with the temporary key Ktemp and stores the result in the
storage module 73.

[0116] In Step S111, the user managing portion 18 of the EMD
service centre 1 sends the registration list encrypted with the
temporary key Ktemp to the SAM 62 of the receiver 51. In Step S112,
the SAM 62 of the receiver 51 encrypts the received registration
list with the temporary key Ktemp, and stores the result in the
storage module 73 which ends the processing.

[0117] In Step S107, if the SAM 62 of the received ID is judged as
being newly registered, the procedure advances to Step S114, and
the user managing portion 18 of the EMD service centre 1 then
executes a new registration and produces a registration list, and
the procedure then advances to Step S109.

[0118] If the SAM 62 of the received ID is judged in Step S106 as
being unable to be registered, the procedure advances to Step S113
where the user managing portion 18 of the EMD service centre 1
produces a registration refusal registration list, and the
procedure then advances to Step S111.

[0119] In this way, the receiver 51 is registered in the EMD
service centre 1.

[0120] The details of the processing for storing predetermined data
such as the delivery key Kd stored in the hitherto used storage
module 73 of the receiver 51 in the IC card 55 will be hereinafter
described with reference to the flowchart of FIG. 39. In Step S121,
the cross-authentication module 71 of the SAM 62 performs a
cross-authentication with a cross-authentication module 80 of the
IC card 55. This authentication processing is the same as the
processing described with reference to FIGS. 33 to 35 and,
accordingly, a description thereof has been omitted. In Step S122,
a random number generation unit 92 of the SAM 62 generates a random
number employed as a backup key Kic. In Step S123, the encryption
unit 93 of the SAM 62 encrypts the ID number of the SAM stored in
the storage module 73, the save key Ksave, and the ID of the HDD 52
with the backup key Kic. In Step S124, the encryption unit 93 of
the SAM 62 encrypts the backup key Kic with a public key Kpesc of
the EMD service centre 1 (in the authentication processing with the
EMD service centre 1 (Step S89 of FIG. 35), the SAM 62 acquires the
public key Kpesc of the EMD service centre 1). In Step S125, the
SAM 62 of the receiver 51 sends the ID number of the encrypted SAM,
the save key Ksave, the ID of the HDD 52 and the encrypted backup
key Kic to the IC card 55 via the IC card interface 64 for storage
in the storage module 81.

[0121] As described above, the ID number of the SAM stored in the
storage module 73 of the SAM 62, the save key Ksave and the ID of
the HDD 52 are encrypted employing the backup key Kic, and are
stored in the cross-authentication module 81 of the IC card 55
together with the backup key Kic encrypted employing the public key
Kpesc of the EMD service centre 1.

[0122] The details of another example of the processing by which
predetermined data such as the delivery key Kd stored in a hitherto
used storage module 73 of a receiver 51 is stored in an IC card 55
will be described with reference to the flowchart of FIG. 40. In
Step S131, the cross-authentication module 71 of the SAM 62
performs a cross-authentication with the cross-authentication
module 80 of the IC card 55. In Step S132, the encryption unit 93
of the SAM 62 employs the public key Kpesc of the EMD service
centre 1 to encrypt the ID number of the SAM stored in the storage
module 73, the save key Ksave and the ID of the HDD 52. In Step
S133, the SAM 62 of the receiver 51 sends the encrypted ID number
of the SAM, the save key Ksave and the ID of the HDD 52 to the IC
card 55 via the IC card interface 64 for storage in the
cross-authentication module 81.

[0123] Based on the processing of FIG. 40, the ID number of the
SAM, the save key Ksave and the ID of the HDD 52 encrypted
employing the public key Kpesc of the EMD service centre 1 are
stored in the cross-authentication module 81 of the IC card 55 by a
simpler processing than the processing described in FIG. 39.

[0124] In this way, data backed up on the IC card 55 is loaded into
a new receiver 51 by the processing of Step S102 of FIG. 36. FIG.
41 is a flowchart for describing the processing for reading the
data backed up by the processing of FIG. 39. In Step S141, the
cross-authentication module 71 of the SAM 62 of the new receiver 51
performs cross-authentication with the cross-authentication module
80 of the IC card 55. This authentication processing is the same as
the processing described with reference to FIGS. 33 to 35 and,
accordingly, a description thereof has been omitted.

[0125] In Step S142, the SAM 62 reads, via the IC card interface
64, the data (backup data of the ID number of the SAM, the save key
Ksave and ID of the HDD 52) of the storage module 73 of the
previous receiver 51 encrypted with the backup key Kic and the
backup key Kic encrypted with the public key Kpesc of the EMD
service centre 1 stored in the cross-authentication module 81. In
Step S143, the cross-authentication module 71 of the SAM 62
performs cross-authentication with the cross-authenticating portion
17 of the EMD service centre 1 via the communicating portion 61.
This cross-authentication processing is the same as the processing
described with reference to FIGS. 33 to 35 and, accordingly, a
description thereof has been omitted. In Step S144, the SAM 62
sends the data of the storage module 73 encrypted with the backup
key Kic and backup data Kic encrypted with the public key Kpesc of
the EMD service centre 1 to the user managing portion 18 of the EMD
service centre 1.

[0126] In Step S145, the user managing portion 18 of
the EMD service centre 1 decrypts the received backup
key Kic with its own secret key Ksesc. In Step S146,
the user managing portion 18 of the EMD service centre
1 decrypts the received backup data with the backup key
Kic. In Step S147, the user managing portion 18 of the
EMD service centre 1 re-encrypts the decrypted backup
data with the temporary key Ktemp supplied from the
cross-authenticating portion 17. In Step S148, the user
managing portion 18 of the EMD service centre 1 sends
the backup data encrypted with the temporary key Ktemp
to the communicating portion 61 of the receiver 51.

[0127] In Step S149, the communicating portion 61 sends
the data received from the user managing portion 18 of
the EMD service centre 1 to the SAM 62 and, after
decrypting this data, the SAM 62 stores the result
thereof in the storage module 73. In Step S150, the
user managing portion 18 of the EMD service centre 1
sets the data of the user registration database (FIG.
7) correspondent to the ID of the SAM 62 of the
previous device for which data is stored in the IC card
55 to "unregistered", and the processing ends.

[0128] In this way, the new receiver 51 reads the
backup data of the IC card 55.

[0129] The processing for reading the data backed up by
the processing of FIG. 40 will be described with
reference to FIG. 42. In Step S161, the
cross-authentication module 71 of the SAM 62 of the receiver
51 performs a cross-authentication with the
cross-authentication module 80 of the IC card 55. This
authentication processing is the same as the processing
described with reference to FIGS. 33 to 35 and,
accordingly, a description thereof has been omitted. In
Step S162, the SAM 62, via the IC card interface 64,
reads the data (backup data of the ID number of the
SAM, the save key Ksave and the ID of the HDD 52) of
the storage module 73 of a previous receiver 51
encrypted with the public key Kpesc of the EMD service
centre 1.

[0130] In Step S163, the cross-authentication module 71
of the SAM 62 performs cross-authentication with the
cross-authenticating portion 17 of the EMD service
centre 1 via the communicating portion 61. This
authentication processing is the same as the processing
described with reference to FIGS. 33 to 35 and,
accordingly, a description thereof has been omitted. In
Step S164, the SAM 62 sends the data of the storage
module 73 encrypted with the public key Kpesc of the
EMD service centre 1 via the communicating portion 61
to the user managing portion 18 of the EMD service
centre 1.

[0131] In Step S165, the user managing portion 18 of
the EMD service centre 1 decrypts the received data of
the storage module 73 with its own secret key Ksesc. In
Step S166, the user managing portion 18 of the EMD
service centre 1 re-encrypts the decrypted backup data
with the temporary key Ktemp supplied from the
cross-authenticating portion 17. In Step S167, the user
managing portion 18 of the EMD service centre 1 sends
the backup data encrypted with the temporary key Ktemp
to the communicating portion 61 of the receiver 51.

[0132] In Step S168, the communicating portion 61 of
the receiver 51 sends the data received from the user
managing portion 18 of the EMD service centre 1 to the
SAM 62 and, after decrypting this data, the SAM 62
stores the result thereof in the storage module 73. In
Step S169, the user managing portion 18 of the EMD
service centre 1 sets the data of the user registration
database (FIG. 7) correspondent to the ID of the SAM 62
of the previous device for which data is stored in the
IC card 55 as "unregistered".

[0133] In this way, for backup in which the processing
shown in FIG. 40 is employed, the receiver 51 reads the
backup data of the IC card 55 by the processing of FIG.
42.

[0134] While the receiver 51 executes the processing of
the flowchart of FIG. 36 when performing its own
registration (executes a processing correspondent to
Step S12 of FIG. 30), it executes the processing of the
flowchart of FIG. 43 when registering the recorder 53
subordinate to the receiver 51 in the EMD service
centre 1. In Step S181, the SAM 62 of the receiver 51
writes the ID of the recorder 53 in the registration
list stored in the storage module 73. In Step S182, the
cross-authentication module 71 of the receiver 51
performs cross-authentication with the
cross-authenticating portion 17 of the EMD service centre 1.
This authentication processing is the same as the
processing described with reference to FIGS. 33 to 35
and, accordingly, a description thereof has been
omitted.

[0135] In Step S183, the user managing portion 18 of
the EMD service centre 1 searches the user registration
database on the basis of the ID of the receiver 51 (ID
of the SAM 62 contained in the authentication
certificate of the SAM 62 shown in FIG. 37) and judges
whether or not the receiver 51 is unregistered and, if
the receiver 51 is judged to be unregistered, the
procedure advances to Step S184 where the SAM 62 of the
receiver 51, for the user managing portion 18 of the
EMD service centre 1, encrypts the version of the
delivery key Kd stored in the storage module 73, the
fee information (stored by the later-described
processing of Step S337 of the flowchart of FIG. 50),
the registration list and the usage policy recorded in
the HDD 52 with the delivery key Kd and sends the
version of the delivery key Kd stored in the storage
module 73, the fee information, the registration list
and the usage policy recorded in the HDD 52 to the user
managing portion 18 of the EMD service centre 1 via the
communicating portion 61. In Step S185, the user
managing portion 18 of the EMD service centre 1, after
decrypting the received data, executes a fee
information processing, and updates sections of data
such as the registration refusal flag and status flag
and so on pertaining to the recorder 53 of the
registration list received from the receiver 51
described with reference to FIG. 38, and appends a
signature in accordance with this data correspondent to
the receiver 51.

[0136] In Step S186, the user managing portion 18 of
the EMD service centre 1 judges whether or not the
version of the delivery key Kd possessed by the
receiver 51 has been updated and, where it judges that
the version of the delivery key Kd possessed by the
receiver 51 has been updated, the procedure advances to
Step S187 where the updated registration list and a fee
information receipt message encrypted with the delivery
key Kd are transmitted to the receiver 51 and,
subsequent to receiving and decrypting this updated
registration list and fee information receipt message,
the receiver 51 stores this information. In Step S188,
the receiver 51 deletes the fee information stored in
the storage module 73 and updates the registration list
to the registration list received in Step S187 from the
user managing portion 18 of the EMD service centre 1,
after which the procedure advances to Step S191.

[0137] Where it is judged in Step S186 that the version
of the delivery key Kd possessed by the receiver 51 has
not been updated, the procedure advances to Step S189
where the user managing portion 18 of the EMD service
centre 1 sends the updated version of the delivery key
Kd, the updated registration list and the fee
information receipt message encrypted with a delivery
key Kd to the receiver 51 and, after receiving and
decrypting the updated version of the delivery key Kd,
the updated registration list and the fee information
receipt message, the receiver 51 stores this
information. In Step S190, the receiver 51 deletes the
fee information stored in the storage module 73,
updates the registration list to the list received in
Step S189 from the user managing portion 18 of the EMD
service centre 1 and updates the delivery key Kd to the
updated version, after which the procedure advances to
Step S191.

[0138] In Step S191, the SAM 62 of the receiver 51
references the updated registration list and judges
whether or not the recorder 53 is unregistered and,
where the recorder 53 is judged to be unregistered, the
procedure advances to Step S192 where
cross-authentication between the receiver 51 and the recorder
53 is performed and a temporary key Ktemp is shared.
This authentication processing is the same as the
processing described with reference to FIGS. 33 to 35
and, accordingly, a description thereof has been
omitted. In Step S193, a registration completion
message and a delivery key Kd encrypted with the
temporary key Kd is transmitted to the recorder 53, and
the recorder 53 receives and decrypts the registration
completion message and delivery key Kd. In Step S194,
the recorder 53 updates the delivery key Kd, and then
the processing ends.

[0139] Where it is judged in Step S183 that the
receiver 51 is unregistered and it is judged in Step
S191 that the recorder 53 is unregistered, the
processing ends.

[0140] As described above, the recorder 53 subordinate 
to the receiver 51 is registered in the EMD service 
centre 1 via the receiver 51. 

[0141] FIG. 44 is a flowchart for describing the
details of the processing by which, in Step S13 of FIG.
30, the receiver 51 receives the delivery key Kd
transmitted to the receiver 51 by the EMD service
centre 1. In Step S201, the cross-authentication module
71 of the receiver 51 performs cross-authentication
with the cross-authenticating portion 17 of the EMD
service centre 1. This authentication processing is the
same as the processing described with reference to
FIGS. 33 to 35 and, accordingly, a description thereof
has been omitted. In Step S202, the SAM 62 of the
receiver 51 sends an authentication certificate to the
user managing portion 18 of the EMD service centre 1
via the communicating portion 61, and the user managing
portion 18 of the EMD service centre 1 receives this
authentication certificate. Steps 203 to 210 describe a
processing the same as the processing of Steps S183 to
190 of FIG. 43 and, accordingly, a description thereof
has been omitted.

[0142] In this way, the receiver 51 receives the
delivery key Kd from the user managing portion 18 of
the EMD service centre 1, and sends the fee information
of the receiver 51 to the user managing portion 18 of
the EMD service centre 1.

[0143] The processing for receipt of the delivery key
Kd of the recorder 53 subordinate to the receiver 51
(where the status flag of FIG. 38 is a value that
permits receipt of the delivery key Kd of the recorder
53) will be hereinafter described with reference to
FIG. 45. In Step S221, cross-authentication is
performed between the cross-authentication module 71 of
the receiver 51 and a cross-authentication module not
shown in the diagram of the recorder 53. This
authentication processing is the same as the processing
described with reference to FIGS. 33 to 35 and,
accordingly, a description thereof has been omitted.

[0144] In Step S222, the receiver 51 judges whether or
not the data of the recorder 53 is listed in the
registration list stored in the storage module 73 of
the receiver 51 and, where the data of the recorder 53
is judged as being listed in the registration list
stored in the storage module 73 of the receiver 51, the
procedure advances to Step S223 where, on the basis of
the registration list stored in the storage module 73
of the receiver 51, the recorder 53 is judged as being
unregistered. Where the recorder 53 is judged as
unregistered in Step S223, the procedure advances to
Step S224, and the SAM 66 of the recorder 53 encrypts
and sends the version of the delivery key Kd stored in
an internal module (received from the receiver 51 in
the later-described Step 235 of FIG. 45) and fee
information (stored by a processing equivalent to a
later-described Step S337 of a processing correspondent
to FIG. 50) with a temporary key Ktemp to the SAM 62 of
the receiver 51, and the SAM 62 of the receiver 51
receives and decrypts the version of the delivery key
Kd and the fee information.

[0145] In Step S225, the cross-authentication module 71
of the receiver 51 performs cross-authentication with
the cross-authenticating portion 17 of the EMD service
centre 1 via the communicating portion 61. This
authentication processing is the same as the processing
described with reference to FIGS. 33 to 35 and,
accordingly, a description thereof has been omitted. In
Step S226, the user managing portion 18 of the EMD
service centre 1 searches the user registration
database on the basis of the ID of the receiver 51 and
judges whether or not the receiver 51 is unregistered
and, where the receiver 51 is judged as unregistered,
the procedure advances to Step S227 where the SAM 62 of
the receiver 51, via the communicating portion 61,
sends the version of the delivery key Kd, the fee
information, the registration list, the usage policy
recorded in the HDD 52 and the fee information of the
recorder 53 stored in the storage module 73 and
encrypted with the delivery key Kd to the user managing
portion 18 of the EMD service centre 1. In Step S228,
the user managing portion 18 of the EMD service centre
1, after decrypting the received data, performs a fee
information processing, updates the data sections such
as the registration refusal flag, status flag
pertaining to the recorder 53 received from the
receiver 51 described by FIG. 38, and appends a
signature in accordance with data correspondent to the
receiver 51.

[0146] The processing of each of Steps 229 to 234 is
the same as the processing of Steps 186 to 191 and,
accordingly, a description thereof has been omitted.

[0147] In Step S234, the SAM 62 of the receiver 51
references the updated registration list and judges
whether or not the recorder 53 is unregistered and,
where the recorder 53 is judged as unregistered, the
procedure advances to Step S235 where the fee
information receipt message and delivery key Kd
encrypted with the delivery key Kd are transmitted to
the recorder 53, and the recorder 53 receives and
decrypts this fee information receipt message and
delivery key Kd. In Step S236, the SAM 66 of the
recorder 53 deletes the fee information stored in the
internal storage module, and updates the delivery key
Kd to a revised version.

[0148] Where it is judged in Step S222 that the data of
the recorder 53 is not listed in the registration list
stored in the storage module 73 of the receiver 51, the
procedure advances to Step S237 where the registration
processing of the recorder 53 described in FIG. 43 is
executed, after which the procedure advances to Step
S224.

[0149] Where the recorder 53 is judged as unregistered
in Step S223, the receiver 51 is judged as unregistered
in Step S226, or the recorder 53 is judged as
unregistered in Step S234, the processing ends.

[0150] As described above, the recorder 53 subordinate
to the receiver 51 receives the delivery key Kd via the
receiver 51.

[0151] The processing by which the content provider 2
sends the content provider secure container to the
content provider 2 correspondent to Step S14 of FIG. 30
will be hereinafter described with reference to the
flowchart of FIG. 46. In Step S251, the watermarking
portion 32 of the content provider 2 inserts a
predetermined watermark denoting the content provider 2
into the content read from the content server 31, and
supplies this content to the compressing portion 33. In
Step S252, the compressing portion 33 of the content
provider 2 compresses the content into which a
watermark has been inserted by a predetermined method
such as ATRAC2, and supplies this to the encrypting
portion 34. In Step S253, the random number generating
portion 35 generates a random number to be employed as
a content key Kco and supplies this to the encrypting
portion 34. In Step S254, the encrypting portion 34 of
the content provider 2 encrypts the compressed content
in which the watermark has been inserted by a
predetermined method such as DES using the content key
Kco generated by the random number generating portion
35.

[0152] In Step S255, the encrypting portion 36 encrypts
the content key Kco by a predetermined method such as
DES with the delivery key Kd supplied by the EMD
service centre 1 by the processing of Step S11 of FIG.
30. In Step S256, the secure container producing
portion 38 of the content provider 2 computes a hash
value by applying a hash function to the encrypted
content, the encrypted content key Kco and the usage
policy supplied from policy storing portion 37, and
encrypts this with its own secret key Ksesc to produce
the signature shown in FIG. 13. In Step S257, the
secure container producing portion 38 of the content
provider 2 produces the content provider secure
container shown in FIG. 13 which contains the encrypted
content, the encrypted content key Kco, the usage
policy supplied from policy storing portion 37 and the
signature generated in Step S256.

[0153] In Step S258, the cross-authenticating portion
39 of the content provider 2 performs
cross-authentication with the cross-authenticating portion 45
of the service provider 3. This cross-authentication
processing is the same as the processing described with
reference to FIGS. 33 to 35 and, accordingly, a
description thereof has been omitted. In Step S259, the
secure container producing portion 38 of the content
provider 2 sends this content provider secure container
with an authentication certificate issued in advance by
a certifying agency appended thereto to the service
provider 3, after which the processing ends.

[0154] As described above, the content provider 2 sends
the content provider secure container to the service
provider 3.

[0155] The details of another processing by which the
content provider 2 sends a service provider secure
container to the service provider 3 for an example
based on a content key Kco being encrypted together
with a usage policy using a delivery key Kd will be
described with reference to FIG. 47. The processing of
Steps S271 to S274 is the same as the processing of
Steps S251 to S254 of FIG. 46 and, accordingly, a
description thereof has been omitted. In Step S275, the
encrypting portion 36 of the EMD service centre 1 uses
a predetermined method such as DES to encrypt the
content key Kco and usage policy supplied from the
policy storing portion 37 employing the delivery key Kd
supplied from the EMD service centre 1 by the
processing of Step S21 of FIG. 31.

[0156] In Step S276, the secure container producing
portion 38 of the EMD service centre 1 computes a hash
value by applying a hash function to the encrypted
content, the encrypted content key Kco, and the
encrypted usage policy, and encrypts this with its own
secret key Kscp to produce the signature shown in FIG.
25. In Step S277, the secure container producing
portion 38 of the EMD service centre 1 produces the
content provider secure container shown in FIG. 25
which contains the encrypted content, the encrypted
content key Kco, the encrypted usage policy, and the
signature. The processing of Steps S278 and 279 is the
same as the processing of Steps S258 and S259 of FIG.
46 and, accordingly, a description thereof has been
omitted.

[0157] In this way, the EMD service centre 1 sends the
content provider 2 secure container containing an
encrypted usage policy to the service provider 3.

[0158] The details of the processing correspondent to
Step S15 of FIG. 30 by which the EMD service centre 1
sends a service provider secure container to the
recorder 53 will be hereinafter described with
reference to the flowchart of FIG. 48. In Step S291,
the pricing portion 42 of the service provider 3
verifies the signature contained in the authentication
certificate attached to the content provider secure
container transmitted from the secure container
producing portion 38 of the content provider 2 and,
where the authentication certificate has not been
falsified, extracts the public key Kpcp of the content
provider 2 therefrom. The verification of the signature
of the authentication certificate is the same as in the
processing of Step S83 of FIG. 35 and, accordingly, a
description thereof has been omitted.

[0159] In Step S292, the pricing portion 42 of the
service provider 3 decrypts the signature of the
content provider secure container transmitted from the
secure container producing portion 38 of the content
provider 2 with the public key Kpcp of the content
provider 2, verifies that the obtained hash value
matches the hash value obtained by applying a hash
function to the encrypted content, the encrypted
content key Kco and the usage policy to verify that the
content provider secure container has not been
falsified and, if falsification is detected, the
processing ends.

[0160] Where there is no falsification of the content
provider secure container detected in Step S293, the
pricing portion 42 of the service provider 3 extracts
the usage policy from the content provider secure
container. In Step S294, the pricing portion 42 of the
service provider 3 produces the pricing information
described in FIG. 17 on the basis of the usage policy.
In Step S295, the secure container producing portion 44
of the service provider 3 produces the service provider
secure container shown in FIG. 15 which contains the
encrypted content, the encrypted content key Kco, the
usage policy, the pricing information, and a signature
of a value obtained by encrypting a hash value obtained
by applying a hash function to the encrypted content,
the encrypted content key Kco, the usage policy and the
pricing information with its own secret key Kssp.

[0161] In Step S296, the cross-authenticating portion
45 of the service provider 3 performs
cross-authentication with the cross-authentication module 71
of the receiver 51. This cross-authentication
processing is the same as the processing described with
reference to FIGS. 33 to 35 and, accordingly, a
description thereof has been omitted. In Step S297, the
secure container producing portion 44 of the service
provider 3 sends the service provider secure container
to which the authentication certificate has been
attached to the communicating portion 61 of the
receiver 51.

[0162] In this way, the service provider 3 sends a 
service provider secure container to the receiver 51. 
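
The signature steps of FIG. 46 (Steps S256 and S257) and the check of Step S292, as an added Python example that is not code from the patent. The textbook RSA key built from two small known primes and the length-prefixed field encoding are assumptions made for illustration; the text does not say how the three fields are combined before hashing, and `naive_digest` shows why that choice matters.

```python
import hashlib

# Constructed demonstration key: textbook RSA over two known Mersenne primes.
# It is unpadded and far too small for real use; it only makes the
# "hash, then apply the secret key" step of S256 concrete.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537                      # stand-in for the public key Kpcp
D = pow(E, -1, (P - 1) * (Q - 1))        # stand-in for the signer's secret key


def container_digest(fields):
    """Hash the fields in order, length-prefixing each one.

    Assumption: the patent only says a hash function is applied to the
    fields; the 4-byte length prefix is added here so that field
    boundaries are covered by the signature.
    """
    h = hashlib.sha256()
    for f in fields:
        h.update(len(f).to_bytes(4, "big"))
        h.update(f)
    return int.from_bytes(h.digest(), "big") % N


def naive_digest(fields):
    """Plain concatenation, shown only for comparison."""
    return int.from_bytes(hashlib.sha256(b"".join(fields)).digest(), "big") % N


def make_container(enc_content, enc_kco, usage_policy):
    """S256/S257: sign the hash and bundle it with the three fields."""
    digest = container_digest([enc_content, enc_kco, usage_policy])
    return {
        "content": enc_content,
        "kco": enc_kco,
        "policy": usage_policy,
        "signature": pow(digest, D, N),
    }


def verify_container(container, public_key=(N, E)):
    """S292: recover the hash from the signature and compare it with a
    hash recomputed over the received fields."""
    n, e = public_key
    recovered = pow(container["signature"], e, n)
    expected = container_digest(
        [container["content"], container["kco"], container["policy"]]
    )
    return recovered == expected


if __name__ == "__main__":
    # Constructed sample values, not real ciphertext.
    c = make_container(b"\x10\x20\x30\x40", b"\xaa\xbb\xcc\xdd", b"plays=3")
    print("untouched container verifies:", verify_container(c))
    c["policy"] = b"plays=9"
    print("edited usage policy verifies:", verify_container(c))
```

A container whose usage policy is edited after signing fails `verify_container`, which is the falsification case in which the processing ends.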
[0163] The details of the processing by which the
service provider 3 sends a service provider secure
container to the receiver 51 for an example based on
the usage policy being encrypted with a delivery key Kd
in the content provider 2 and usage control information
being produced by the service provider 3 will be
hereinafter described with reference to the flowchart
of FIG. 49. The processing of Steps S311 and S312 is
the same as the processing of Steps 291 and S292 of
FIG. 48 and, accordingly, a description thereof has
been omitted. In Step S313, the pricing portion 42 of
the service provider 3 decrypts the encrypted usage
policy contained in the content provider secure
container. In Step S314, the pricing portion 42 of the
service provider 3 produces the usage control
information described in FIG. 23 on the basis of this
usage policy. The processing of Steps S315 to S318 is
the same as the processing of Steps 294 to S297 of FIG.
48 and, accordingly, a description thereof has been
omitted.

[0164] In this way, the service provider 3 sends a
service provider secure container containing an
encrypted usage policy to the receiver 51.

[0165] The details of the fee processing of the
receiver 51 correspondent to Step S16 of FIG. 30
executed subsequent to a legitimate service provider
secure container being received will be hereinafter
described with reference to the flowchart of FIG. 50.
In Step S331, the encryption/decryption module 74 of
the receiver 51 judges whether or not content key Kco
can be decrypted with the delivery key Kd, and where
the content key Kco is judged as not being able to be
decrypted with the delivery key Kd, the receiver 51
executes a processing for receipt of the delivery key
Kd described in FIG. 44 in Step S332, and the procedure
then advances to Step S333. When the content key Kco is
judged as being able to be decrypted by the delivery
key Kd in Step S331, the procedure skips Step S332 and
advances to Step S333. In Step S333, the decryption
unit 91 of the receiver 51 decrypts the content Kco
with the delivery key Kd stored in the storage module
73 by the processing of Step S13 of FIG. 30.

[0166] In Step S334, the fee processing module 72 of
the receiver 51 extracts the usage policy and pricing
information contained in the service provider secure
container, and generates the fee information and
license conditions information described by FIG. 19 and
FIG. 20. In Step S335, the fee processing module 72 of
the receiver 51 judges whether or not a current
calculated fee is higher than the calculated fee upper
limit from the fee information computed in Step S334
and the fee information stored in the storage module 73
and, where the current calculated fee is judged to be
higher than the upper limit, the procedure advances to
Step S336 where the receiver 51 executes a processing
for the receipt of a new delivery key Kd, described by
FIG. 4, after which the procedure advances to Step
S337. Where the current calculated fee is judged to be
less than the calculated fee upper limit in Step S335,
Step S336 is skipped and the procedure advances to Step
S337.

[0167] In Step S337, the fee processing module 72 of
the receiver 51 stores the fee information in the
storage module 73. In Step S338, the fee processing
module 72 of the receiver 51 records the license usage
conditions information generated in Step S334 in the
HDD 52. In Step S339, the SAM 62 of the receiver 51
records the usage policy extracted from the service
provider secure container in the HDD 52.

[0168] In Step S340, the encryption/decryption module
74 of the receiver 51 applies a hash function to the
license usage conditions information to compute a hash
value. In Step S341, the storage module 73 of receiver
51 stores the hash value of the license usage
conditions information. Where there is no save key
Ksave stored in the storage module 73, the encryption
unit 92 of the receiver 51 generates a random number in
Step S342 which serves as the save key Ksave, and the
procedure then advances to Step S343. Where a save key
Ksave is stored in the storage module 73, Step S342 is
skipped and the procedure advances to Step S343.

[0169] In Step S343, the encryption unit 93 of the
receiver 51 encrypts the content key Kco with the save
key Ksave. In Step S344, the SAM 62 of the receiver 51
stores the encrypted content key Kco in the HDD 52.
Where there is no save key Ksave stored in the storage
module 73, the encryption/decryption module 74 stores a
save key Ksave in the storage module 73 in Step S345,
and the processing then ends. Where a save key Ksave is
stored in the storage module 73, Step S345 is skipped
and the processing ends.

[0170] As is described above, the receiver 51 stores
the fee information in the storage module 73, decrypts
the content key Kco with the delivery key Kd,
re-encrypts the content key Kco with the save key Ksave,
and stores this in the HDD 52. The save key Ksave is
stored in the storage module 73.

[0171] The recorder 53, by a similar processing, stores
the fee information in the storage module of the SAM
66, decrypts the content key Kco with the delivery key
Kd, re-encrypts the content key Kco with a save key
Ksave, and stores this in the HDD 52. The save key
Ksave is stored in the storage module of the SAM 66.

[0172] The details of the processing correspondent to
Step S17 of FIG. 30 by which the receiver 51 reproduces
the content will be described with reference to FIG.
51. In Step S361, the encryption/decryption module 74
of the receiver 51 reads the license usage conditions
information stored according to Step S338 of FIG. 50
and the content key Kco encrypted and stored according
to Step S344 from the HDD 52. In Step S362, the
encryption/decryption module 74 of the receiver 51
applies a hash function to the license usage conditions
information to compute a hash value.

[0173] In Step 363, the encryption/decryption module 74
of the receiver 51 judges whether or not the hash value
computed in Step S362 matches the hash value stored in
the storage module 73 according to S340 of FIG. 50, and
where the hash value computed in Step S362 is judged as
matching the hash value stored in the storage module
73, the procedure advances to Step S364 and the
predetermined information contained in the license
usage conditions information such as the usage
frequency value is updated. In Step S365, the
encryption/decryption module 74 of the receiver 51
applies a hash function to the updated license usage
conditions to compute a hash value. In Step S366, the
storage module 73 of the receiver 51 stores the hash
value of the license usage conditions information
computed in Step S365. In Step S367, the
encryption/decryption module 74 of the receiver 51
records the updated license usage conditions
information in the HDD 52.

[0174] In Step S368, the cross-authentication module 71
of the SAM 62 and the cross-authentication module 75 of
the expanding portion 63 perform a
cross-authentication, and the SAM 62 and expanding portion 63
store a temporary key Ktemp. This cross-authentication
processing is the same as the processing described with
reference to FIGS. 33 to 35 and, accordingly, a
description thereof has been omitted. Random numbers
R1, R2 or R3 employed in the cross-authentication serve
as the temporary keys Ktemp. In Step S369, the
decryption unit 91 of the encryption/decryption module
74 decrypts the content key Kco stored in the HDD 52 in
Step S344 of FIG. 50 with the decrypted save key Ksave
stored in the storage module 73. In Step S370, the
encryption unit 93 of the encryption/decryption module
74 encrypts the decrypted content key Kco with the
temporary key Ktemp. In Step S371, the SAM 62 sends the
content key Kco encrypted with the temporary key Ktemp
to the encrypting portion 363.

[0175] In Step S372, the decryption module 76 of the
expanding portion 63 decrypts the content key Kco with
the temporary key Ktemp. In Step S373, the SAM 62 reads
the content recorded in the HDD 52 and sends this to
the expanding portion 63. In Step S374, the decryption
module 77 of the expanding portion 63 decrypts the
content with the content key Kco. In Step S375, an
expansion module 78 of the expanding portion 63 expands
the decrypted content using a predetermined method such
as ATRAC. In Step S376, a watermarking module 79 of the
expanding portion 63 inserts a predetermined watermark
that identifies the receiver 51 into the expanded
content. In Step S377, the receiver 51 outputs the
reproduced content to a speaker or the like not shown
in the diagram, and the processing ends.

[0176] Where it is judged in Step S363 that the hash
value computed in Step S362 does not match the hash
value stored in the storage module 73, in Step S378,
the SAM 62 executes a predetermined error processing
such as the display of an error message in a display
device not shown in the diagram, and the processing
ends.

[0177] In this way, the receiver 51 reproduces the
content.
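
The flow of Steps S361 to S378 above, as an added Python example that is not part of the patent text. Assumptions: SHA-256 stands in for the unspecified hash function, a SHA-256 keystream XOR stands in for DES, Ktemp is a random value rather than the product of the cross-authentication of FIGS. 33 to 35, and the names `Sam`, `expand`, `make_receiver` and `use_count` are hypothetical.

```python
import hashlib, hmac, json, os

def cipher(key: bytes, data: bytes) -> bytes:
    # Stand-in symmetric cipher (the page uses DES): XOR with a SHA-256 keystream.
    # Encryption and decryption are the same operation. Illustration only.
    stream = b"".join(hashlib.sha256(key + bytes([i])).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(d ^ s for d, s in zip(data, stream))

def uc_hash(uc: dict) -> bytes:
    # Assumed hash: SHA-256 over a canonical JSON encoding of the usage conditions.
    return hashlib.sha256(json.dumps(uc, sort_keys=True).encode()).digest()

class Sam:
    """SAM 62: Ksave and the usage-conditions hash are held in storage module 73."""
    def __init__(self, k_save: bytes, uc: dict):
        self._k_save, self._uc_hash = k_save, uc_hash(uc)

    def release_key(self, hdd: dict, k_temp: bytes) -> bytes:
        uc = dict(hdd["uc"])                                      # S361: read from HDD
        if not hmac.compare_digest(uc_hash(uc), self._uc_hash):   # S362-S363
            raise ValueError("usage conditions altered")          # S378: error path
        uc["use_count"] += 1                                      # S364: update
        self._uc_hash = uc_hash(uc)                               # S365-S366
        hdd["uc"] = uc                                            # S367
        k_co = cipher(self._k_save, hdd["kco_wrapped"])           # S369: unwrap with Ksave
        return cipher(k_temp, k_co)                               # S370-S371: rewrap with Ktemp

def expand(wrapped_kco: bytes, k_temp: bytes, content_enc: bytes) -> bytes:
    k_co = cipher(k_temp, wrapped_kco)                            # S372
    return cipher(k_co, content_enc)                              # S374

def make_receiver(content: bytes):
    # Constructed sample state; Ktemp would come from cross-authentication (S368).
    k_save, k_co, k_temp = os.urandom(16), os.urandom(16), os.urandom(16)
    uc = {"content_id": "sample-001", "use_count": 0}
    hdd = {"uc": uc, "kco_wrapped": cipher(k_save, k_co),
           "content": cipher(k_co, content)}
    return Sam(k_save, dict(uc)), hdd, k_temp, k_co

if __name__ == "__main__":
    sam, hdd, k_temp, _ = make_receiver(b"constructed audio frame")
    print(expand(sam.release_key(hdd, k_temp), k_temp, hdd["content"]))
    hdd["uc"]["use_count"] = 0      # the HDD record no longer matches the SAM's hash
    try:
        sam.release_key(hdd, k_temp)
    except ValueError as err:
        print("rejected:", err)
```

Because the reference hash is held inside the SAM rather than beside the record on the HDD, a rolled-back or edited usage record fails the Step S363 comparison before any key is unwrapped.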

[0178] FIG. 52 is a flowchart for describing the
processing by which, in the user home network 5 of the
configuration shown in FIG. 11, a receiver 51
reproduces content in a decoder 56. The processing of
Steps S391 to S397 is the same as the processing of
Steps S361 to S367 of FIG. 51 and, accordingly, a
description thereof has been omitted.

[0179] In Step S398, the cross-authentication module 71
of the SAM 62 and a cross-authentication module 101 of
the decompressing portion 64 perform cross-authentication
and share a temporary key Ktemp. This
cross-authentication processing is the same as the
processing described with reference to FIGS. 33 to 35
and, accordingly, a description thereof has been
omitted. The random numbers R1, R2 and R3 employed for
the cross-authentication serve as the temporary keys
Ktemp. In Step S399, the decryption unit 91 of the
encryption/decryption module 74 decrypts the content
key Kco stored in the HDD 52 using the save key Ksave
stored in the storage module 73. In Step S400, the
encryption unit 93 of the encryption/decryption module
74 encrypts the decrypted content key Kco using the
temporary key Ktemp. In Step S401, the SAM 62 sends the
encrypted content key Kco encrypted with the temporary
key Ktemp to the decoder 56.

[0180] In Step S402, a decryption module 102 of the
decoder 56 decrypts the content key Kco using the
temporary key Ktemp. In Step S403, the SAM 62 reads the
content recorded on the HDD 52 and sends this to the
decoder 56. In Step S404, a decryption module 103 of
the decoder 56 decrypts the content with the content
key Kco. In Step S405, an expansion module 104 of the
decoder 56 expands the decrypted content by a
predetermined method such as ATRAC 2. In Step S406, a
watermarking module 105 of the decoder 56 inserts a
watermark that identifies the decoder 56 into the
expanded content. In Step S407, the decoder 56 outputs
reproduced content to speakers or the like not shown in
the diagram, and the processing ends.

[0181] The processing of Step S408 is the same as the 
processing of Step S378 of FIG. 51 and, accordingly, a 
description thereof has been omitted. 

[0182] As is described above, for a user home network
of the configuration shown in FIG. 11, content received
by the receiver 51 is reproduced by the decoder 56.

[0183] Notably, while in the description above music
data is used as an example of content, content is not
limited to music data alone, and moving image data,
still image data, text data, or program data can also
be employed. At this time, a compression method
suitable for the content type such as MPEG (Moving
Picture Experts Group) can be selected if the content
is image data. A type of watermark of a format suitable
for the content type is also used.

[0184] While the description given above uses a block
cipher DES as the common-key cipher, FEAL proposed by
NTT (Trademark), IDEA (International Data Encryption
Algorithm), or a stream cipher that encrypts a bit or
several bits of data at a time can also be employed.

[0185] Furthermore, while the use of common-key
cryptography for encrypting the content and the content
key Kco is described above, public-key cryptography can
also be used.

[0186] Notably, the term system used in this 
specification refers to an apparatus configured from a 
plurality of devices in its entirety. 

[0187] In addition to recording media such as magnetic
discs, CD-ROMs and solid-state memories, communications
media such as satellites can also be used as the
providing medium for providing the computer programs
for executing the processings described above.

[0188] [Effect of the Invention] Based on the
information processing apparatus according to Claim 1,
the information processing method according to Claim 2,
and the providing medium according to Claim 3,
cross-authentication is performed, a temporary key is
generated, a second key is stored, a first key is
decrypted with the second key, the first key is
encrypted with the temporary key, the first key is
decrypted with the temporary key, and information is
decrypted with the first key and, accordingly, the key
used for encrypting the information cannot be read when
the information is being decrypted.

[Brief Description of the Drawings]
[FIG. 1] is a diagram describing an EMD system;
[FIG. 2] is a block diagram illustrating a functional
configuration of an EMD service centre 1;
[FIG. 3] is a diagram describing transmission of a
delivery key Kd of the EMD service centre 1;
[FIG. 4] is another diagram describing transmission of
a delivery key Kd of the EMD service centre 1;
[FIG. 5] is another diagram describing transmission of
a delivery key Kd of the EMD service centre 1;
[FIG. 6] is another diagram describing transmission of
a delivery key Kd of the EMD service centre 1;
[FIG. 7] is a diagram describing a user registration
database;
[FIG. 8] is a block diagram illustrating a functional
configuration of a content provider 2;
[FIG. 9] is a block diagram illustrating a functional
configuration of a service provider 3;
[FIG. 10] is a block diagram illustrating the
configuration of a user home network 5;
[FIG. 11] is another block diagram illustrating a
configuration of a user home network 5;
[FIG. 12] is a diagram describing content and
information appended to the content;
[FIG. 13] is a diagram describing a content provider
secure container;
[FIG. 14] is a diagram describing a certificate of the
content provider 2;
[FIG. 15] is a diagram describing a service provider
secure container;
[FIG. 16] is a diagram describing an authentication
certificate of the service provider 3;
[FIG. 17] is a diagram illustrating a usage policy,
pricing information and license usage conditions
information;
[FIG. 18] is a diagram describing single copy and
multiple copy;
[FIG. 19] is a diagram describing usage policy and
pricing information;
[FIG. 20] is a diagram describing usage policy, pricing
information and license usage conditions information;
[FIG. 21] is a diagram describing another configuration
of content and information appended to the content;
[FIG. 22] is a diagram describing a service provider
secure container;
[FIG. 23] is a diagram describing usage policy, usage
control information, pricing information and license
usage conditions information;
[FIG. 24] is a diagram describing another
configuration of content and information appended to
the content;
[FIG. 25] is a diagram describing a content provider
secure container;
[FIG. 26] is a diagram describing a service provider
secure container;
[FIG. 27] is a diagram describing an operation for
receipt of fee information of the EMD service centre 1
from the user home network 5;
[FIG. 28] is a diagram describing a profit distribution
processing operation of the EMD service centre 1;
[FIG. 29] is a diagram describing a processing
operation for sending content usage record information
of the EMD service centre 1 to JASRAC;
[FIG. 30] is a flowchart for describing content
distribution processing;
[FIG. 31] is a flowchart for describing content
distribution processing;
[FIG. 32] is a flowchart for describing the processing
by which the EMD service centre 1 sends a delivery key
Kd to the content provider 2;
[FIG. 33] is a flowchart for describing the
cross-authentication operation between the content provider 2
and the EMD service centre 1;
[FIG. 34] is another flowchart for describing the
cross-authentication operation between the content
provider 2 and the EMD service centre 1;
[FIG. 35] is another flowchart for describing the
cross-authentication operation between the content
provider 2 and the EMD service centre 1;
[FIG. 36] is a flowchart for describing the
registration processing of a receiver 51 in the EMD
service centre 1;
[FIG. 37] is a diagram describing a SAM authentication
certificate;
[FIG. 38] is a diagram describing a registration list;
[FIG. 39] is a flowchart illustrating the backup
processing of the data of a SAM 62 in an IC card 55;
[FIG. 40] is a flowchart illustrating the backup
processing of the data of a SAM 62 in an IC card 55;
[FIG. 41] is a flowchart illustrating the processing
for reading backup data of the IC card 55 onto a new
receiver;
[FIG. 42] is another flowchart illustrating the
processing for reading backup data of the IC card 55
onto a new receiver;
[FIG. 43] is a flowchart illustrating the processing by
which the receiver 51 registers a subordinate recorder
53 in the EMD service centre 1;
[FIG. 44] is a flowchart illustrating the processing by
which the receiver 51 receives a delivery key Kd from
the EMD service centre 1;
[FIG. 45] is a flowchart illustrating the processing
for receipt of a delivery key Kd by a recorder;
[FIG. 46] is a flowchart illustrating the processing by
which the content provider 2 sends a content provider
secure container to the service provider 3;
[FIG. 47] is another flowchart for illustrating the
processing by which the content provider 2 sends a
content provider secure container to the service
provider 3;
[FIG. 48] is a flowchart describing the processing by
which the service provider 3 sends a service provider
secure container to the receiver 51;
[FIG. 49] is a flowchart describing the processing by
which the service provider 3 sends a service provider
secure container to the receiver 51;
[FIG. 50] is a flowchart describing the fee processing
of the receiver 51;
[FIG. 51] is a flowchart describing the processing by
which the receiver 51 generates content; and
[FIG. 52] is a flowchart describing the processing by
which the receiver 51 reproduces content in a decoder
56.

[Explanation of Symbols]

1 EMD service centre, 2 Content provider, 3 Service
provider, 5 User home network, 16 Profit distribution
portion, 18 User managing portion, 42 Pricing portion,
51 Receiver, 56 Decoder, 61 Communicating portion, 62
SAM, 63 Expanding portion, 71 Cross-authentication
module, 72 Fee processing module, 73 Storage module, 74
Encryption/Decryption module, 75 Cross-authentication
module, 76 Decryption module, 77 Decryption module, 81
Cross-authentication module, 91 Decryption unit, 92
Encryption unit, 93 Encryption unit, 101
Cross-authentication module, 102 Decryption module, 103
Decryption module.